Air Canada AC-T says an unauthorized group of people obtained access to its internal system, compromising the personal information of an unknown number of employees working for the country’s largest airline.
In a brief statement on Wednesday afternoon, Air Canada spokesperson Peter Fitzpatrick said “certain records” were affected by the “limited” breach, without naming which ones. The flagship carrier would not say when the hack happened or when it first learned about the cybersecurity incident.
“We can confirm that our flight operations systems and customer-facing systems were not affected. No customer information was accessed,” Mr. Fitzpatrick said, noting that Air Canada has notified relevant authorities and contacted some workers.
“We can also confirm all our systems are fully operational. We have since implemented further enhancements to our security measures, including with the help of leading global cybersecurity experts, to prevent such incidents in the future as part of our ongoing commitment to maintaining the security of the data we hold.”
Air Canada said it will not be providing any other details about the matter, “as the personal information accessed was strictly internal,” according to Mr. Fitzpatrick.
The Office of the Privacy Commissioner of Canada has received a breach report from Air Canada, said senior communications adviser Vito Pilieci. “We are now reviewing that report in order to determine next steps,” Mr. Pilieci told The Globe and Mail.
RCMP spokesperson Kim Chamberland said, given that Air Canada is headquartered in Montreal, the police of jurisdiction in Quebec is likely to have been contacted by the company. The Sûreté du Québec and RCMP in that province did not respond to requests for comment on Wednesday.
Companies across Canada – public and private – have been glutted by data breaches and cyberattacks, which the RCMP and the Communications Security Establishment said in late August will continue to pose a significant threat to national security and economic prosperity over the next two years.
Just last week, The Weather Network’s website and app was taken down by a hack, forcing its parent company Pelmorex Corp. to call in the RCMP as it probed the incident. Over the past year, the Prime Minister’s Office, grocery giant Empire Co. Ltd., Indigo Books & Music Inc., Vancouver’s transit police, the Liquor Control Board of Ontario and many others have been struck by hackers.
Still, federal cybersecurity legislation meant to protect Canada’s critical services has languished in early reading stages since 2021, even as these incidents have increased. And experts say many companies are not investing nearly as much as they should toward cybersecurity.