Air Canada Data Breach: BianLian Extortion Group Claims A Massive Heist Contrary To Airline’s Earlier Statement

By ISBuzz Team
Writer, Information Security Buzz | Oct 12, 2023 05:10 am PST

In a startling disclosure, the malicious extortion group, BianLian, has claimed responsibility for breaching the network of Air Canada, the nation’s premier airline and a founding member of Star Alliance. This revelation comes amidst a contrasting statement from Air Canada in September, downplaying the severity of the breach.

The nefarious BianLian group has purportedly made away with a whopping 210GB of data following the network intrusion. This claim contrasts starkly with the earlier statement from Air Canada, which had indicated only a limited impact concerning some employee information and certain records.

Adding salt to the wound, BianLian, notorious for its extortion endeavors, went on to share screenshots of the purloined data on their dark web leak site, evidently mocking the airline’s understated disclosure. The data, as claimed by the extortionists, encompasses a broad spectrum ranging from technical and operational documents, SQL backups, employee personal information, vendor and supplier data, to confidential documents and archives from company databases spanning from 2008 to 2023.

The extortion group, which has switched its modus operandi to extortion-only attacks since January 2023, chided Air Canada for disseminating “half-truths” about the attack. They provided a detailed account of their attack on their dark web leak site, casting doubts on the airline’s transparency regarding the incident.

Air Canada, on its part, acknowledged the extortion threats but did not confirm BianLian’s claims of orchestrating the breach. They reiterated their unwillingness to engage with the anonymous group’s claims based on cybercrime, urging responsible reporting on such issues. The airline has yet to provide further details regarding the number of affected individuals, the exact date of the breach, and its detection timeline.

As the clouds of uncertainty loom, the saga reveals the critical importance of cybersecurity in safeguarding sensitive organizational and customer data against the ever-evolving threat landscape. The contrasting narratives between Air Canada and the BianLian extortion group underscore the challenge of navigating the murky waters of cybersecurity and the imperative of robust, transparent responses to such adversarial actions.

Mike Newman, CEO
October 12, 2023 1:12 pm

“These are worrying claims that could mean criminals have access to highly sensitive information that would put Air Canada’s infrastructure, customers, and employees at risk.

BianLian is famous for targeting organisations via stolen privileged credentials, so the attack potentially once again highlights the need for organisations to improve the security of their workforce access. When it comes to defending against attacks on workforce credentials, organisations can improve security by removing the need for employees to remember, manage or ever see their passwords. This can be achieved using a modern workforce identity management solution that provides Single Sign-On and enterprise password management, enabling passwords to be used where applications rely on them, but have them hidden from the workforce, significantly improving the user experience while ensuring credentials can’t be stolen by attackers and then used in data breaches or extortion attacks.

If this high volume of data has been compromised, Air Canada must inform impacted parties as a priority, so they can be on alert for fraud and phishing scams, which are aiming to exploit them further by stealing more of their confidential data.”

Ryan McConechy, Principal Consultant
October 12, 2023 1:12 pm

“This is a position no organisation wants to find itself in. Announcing a cyberattack is damaging enough, but announcing a cyberattack with incorrect information can cause permanent damage. Air Canada announced last month that limited data was impacted in the breach, but now BianLian has stated it had much deeper access which allowed them to compromise gigabytes of sensitive information. Air Canada must continue its investigations into the breach to work out the validity of the claims. However, making false announcements on victims is something ransomware gangs avoid as it damages their reputations and profitability opportunities.

The incident is a further reminder of the powerless position organisations are placed in when facing extortion attacks. Regardless of whether the organisation’s data is encrypted, the attackers still have access to it, so they hold the power.

This means organisations must prioritise defences before attacks occur. This involves training employees on the techniques criminals use to access systems, keeping all systems up to date with the latest patches, running a regular backup system, layering security and implementing network segmentation to prevent attackers spreading.

Furthermore, it is also advised that organisations take the average ransomware sum likely to be demanded from them in the event of a compromise – then use that figure as their budget for investing in adequate defensive tooling.”
