Airbus has been hacked; thousands of employees data stolen

An investigation on the incident has been initiated

Airbus, a major aviation company, has revealed a hacking incident that resulted in employees’ data theft.  According to network security and ethical hacking specialists from the International Institute of Cyber Security, the company detected the incident in their systems and concluded that there was an unauthorized access; however, the attackers did not manage to compromise the Airbus commercial operations.

“The incident has been investigated by our experts, who have taken the necessary steps to reinforce our security and mitigate the potential impact, and we are also working to find the origin of the attack”, Airbus mentioned.

The company admits that it is still unaware of the real impact of the incident, so it is not possible to list the information that the attackers have accessed to. “Our network security team is conducting research to determine if the attackers were looking for any specific data groups, so far we can only say that personal data has been compromised during the incident, mainly the information of some of the Airbus employees in Europe.”

European data protection legislation, known as GDPR, requires companies to report these incidents to the authorities within the first 72 hours after they’re discovered. The company claims that it has been conducted in accordance with this legislation.

The way the attackers accessed Airbus systems is still unknown, although some network security specialists believe that the attack could begin with simple phishing techniques applied against the company’s personnel. “Airbus has issued recommendations for employees to take their precautions when working online,” says the company.

Some media handle the version that these attacks have a political motivation because of the exit of the United Kingdom of the European Union (Brexit). The company’s stance on the Brexit has generated concern and controversy, as Airbus has threatened to withdraw its operations from the European Union if the United Kingdom fails to achieve a satisfactory exit agreement. “Airbus could make detrimental decisions for the UK if the Brexit does not include a good deal,” said Tom Enders, CEO of the company.

Airbus UK generates around 15k jobs in the UK, so the Brexit would impact directly on the Airbus plant in Wales, where more than 5k people work, as well as in Filton, England, where the company employs another 3k British citizens. Enders believes that the British aerospace market is at the edge of the precipice because of the uncertainty generated by the lack of an agreement to leave the European Union.

Although these could politically motivated attacks, it is a fact that aeronautical companies are an attractive target for cybercriminals, especially because of the intellectual properties that protect these companies.

For example, in 2014, the FBI accused three Chinese citizens of hacking against Boeing and other military contractor companies; hackers were trying to steal commercial secrets from the company’s planes. 

Hackers remained within the Boeing network for at least one year before being discovered, stealing blueprints from some aircraft models, among other confidential information.