The French aircraft manufacturer Airbus reported it detected a cyber incident on its commercial aircraft business information systems, which resulted in unauthorized access to personal data.
The company said in a statement there is no impact on Airbus’ commercial operations.
“This incident is being thoroughly investigated by Airbus’ experts who have taken immediate and appropriate actions to reinforce existing security measures and to mitigate its potential impact, as well as determining its origins,” Airbus said in a statement.
Colin Bastable, CEO of Lucy Security, noted Airbus certainly needs to take immediate action.
“Two immediate points come to mind. First, Airbus needs to hire some new experts pronto. This ain’t rocket science – attacks on major western engineering combines are to be expected. Secondly, the attack was aimed at people who are potential targets for sophisticated social-engineering led attacks. This could well mean that the attackers are tasked with stealing Intellectual Property in Airbus’ Defense and Space divisions,” he said.
An ongoing investigation is focused on finding out whether any specific data was targeted. “However, we do know some personal data was accessed,” Airbus admitted, without divulging the quantity of absconded records.
The information accessed was “mostly professional contact and IT identification details of some Airbus employees in Europe,” the company stated, without mentioning whether any customer account data was impacted.
Airbus said it is in contact with the relevant regulatory authorities and the data protection authorities pursuant to the GDPR (General Data Protection Regulation).
In addition, Airbus employees are being advised to take all necessary precautions going forward.