Excerpt from Investing Article – Published on October 19, 2023

In the aftermath of a 210 GB data breach, the BianLian ransomware group has issued threats to Air Canada, challenging the airline’s portrayal of the incident.

The breach, which Air Canada confirmed in September 2023, was initially described as having limited impact, focusing on the personal information of some employees and select records. However, BianLian has disputed this characterization, accusing the airline of presenting “half-truths” and initiating media extortion efforts.

The ransomware group claims to have obtained a substantial trove of technical and operational data spanning from 2008 to 2023. This extensive haul includes vendor and supplier information, SQL backups, confidential documents, database archives, and personal details of employees. BianLian emphasizes that compromised customer data is just a fraction of the critical data they possess.

While the extent of the breach remains uncertain, experts warn that inaccurate disclosures can cause lasting damage. Air Canada must verify the validity of these claims through ongoing investigations.

Notably, BianLian refrained from encrypting Air Canada’s IT infrastructure due to potential damage but criticized the airline’s response to the breach. The group urged the removal of potentially compromising software and expressed concern that operations continued without adequate safeguards. Air Canada’s CEO, Mike Newman, stressed the need to inform affected parties promptly to mitigate fraud and phishing risks.

Air Canada alleges that the ransomware group attempted media exploitation after failing to secure a ransom payment. They call for responsible media reporting and stress that these are claims made by an anonymous cybercrime group.

This incident marks the second data breach for Air Canada in five years, with the BianLian ransomware group posing a significant cyber threat by targeting critical infrastructure. They compromise victims through leaked Remote Desktop Protocol (RDP) credentials, as disclosed by the Cybersecurity and Infrastructure Security Agency (CISA) in May 2023.

To delve deeper into this topic, please read the full article on CPOMagazine.