Hackers Leak Data Stolen From Jet Maker Bombardier

Just as the cybercriminals behind the Clop ransomware operation made public information supposedly stolen from Canadian business jet manufacturer Bombardier, the company confirmed suffering a data breach.

In a Thursday statement, the jet maker revealed that an unauthorized party was able to access and steal data by exploiting a vulnerability in “a third-party file-transfer application.” While the company did not say which third-party software was compromised, the general characteristics of the incident suggest it was Accellion’s FTA service.

A 20-year-old file sharing service set to be retired on April 30, FTA was recently targeted in a cyber-attack that affected up to 100 Accellion customers, out of a total of 300 that were still using the application at the time of the attack.

These include Australian health and transport agencies, U.S.-based law firm Jones Day, and grocery and pharmacy chain Kroger. The attacks, security researchers with FireEye say, appear linked to the TA505 spin-off FIN11.

The threat actors behind the attack on Accellion’s software have been sending extortion emails to organizations affected by the incident, threatening to share the stolen data publicly on the “CL0P^_- LEAKS” Tor website.

With data pertaining to Bombardier emerging on the website and the company disclosing a data breach caused by a third-party application used for file transfer, it’s clear that Accellion’s FTA was responsible for this incident.

“Forensic analysis revealed that personal and other confidential information relating to employees, customers and suppliers was compromised. Approximately 130 employees located in Costa Rica were impacted,” Bombardier says.

The company also notes that it has launched an investigation into the incident and that law enforcement was informed of the issue. It also claims that only the “data stored on the specific servers” was affected, and that its network was not compromised.

“Manufacturing and customer support operations have not been impacted or interrupted. Bombardier can also confirm the company was not specifically targeted—the vulnerability impacted multiple organizations using the application,” Bombardier also says.

In addition to data taken from Bombardier, the attackers behind the Clop operation also leaked information supposedly stolen from Pentair and CSA Group. However, neither of these companies has confirmed a data breach yet.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
