
The BianLian extortion group claims to have stolen 210GB of data after breaching the network of Air Canada, the country's largest airline and a founding member of Star Alliance.
While the company said in a statement issued in September that systems compromised in the breach included “restricted private info of some staff and certain data,” the attackers now claim that the stolen documents contained far more extensive information.
The threat actors also shared screenshots of the stolen data on their dark web data leak site as proof, along with a detailed description of what was stolen from the airline's network.
BianLian claims to have exfiltrated technical and operational data spanning from 2008 to 2023, including details about the company's technical and security challenges, SQL backups, personal information of employees, data regarding vendors and suppliers, confidential documents, and archives from company databases.
“Worker private information is simply a small fraction of the valuable information over which they’ve lost control,” the cybercrime gang said.
“For instance, we’ve got SQL databases with company technical and security issues. You can check it out for yourself, a demo bundle with screenshots is provided below. Backups with this information can be found on our website and at your request.”
BianLian is a ransomware group that has targeted critical infrastructure organizations in the U.S. and Australia since June 2022. The gang switched to extortion-only attacks in January 2023 when Avast released a decryptor for their ransomware.
In a statement shared with BleepingComputer today, Air Canada said they were aware of BianLian's extortion threats but did not confirm the group's claims that they were behind the breach.
“BianLian had threatened to resort to exploiting the media in their unsuccessful extortion efforts,” an Air Canada spokesperson told BleepingComputer via email.
“For that reason, we cannot comment on any claims made by an anonymous group based on cybercrime and we won’t add anything to what we’ve got stated publicly. We trust that media will take this into account and report on issues such as this responsibly.”
The Canadian airline has yet to disclose how many employees were affected by the incident, the date when its network was breached, and when the attack was detected.
Air Canada also warned some of its customers in emails sent today to enable SMS-based multifactor authentication on their Aeroplan accounts and use strong passwords to defend against credential stuffing and password spraying attacks.

In 2018, Air Canada disclosed another security breach after unauthorized parties accessed the profile information of 20,000 of its mobile app users.
As a result of this incident, the airline was forced to lock all 1.7 million mobile app accounts to protect its customers' data.
The attackers gained access to a wealth of data in the 2018 breach, including mobile app users' names, email addresses, and phone numbers, as well as passport numbers, expiration dates, and country of issuance and residence.
Air Canada said at the time that customer credit card data wasn't exposed and that no aircanada.com accounts were affected, as they are not linked to the mobile app.
This week, Air Europa, the third-largest airline in Spain, also warned customers to cancel their credit cards after attackers accessed their card information in a recent data breach.