
The BianLian extortion group claims it accessed 210GB of data from the network of Air Canada, one of the country’s premier airlines and a founding member of the Star Alliance.
In a September announcement, Air Canada said that the compromised systems contained “limited personal data of certain employees and specific records.” However, the attackers have since said that the stolen documents held far more extensive data.
The attackers posted samples of the accessed data on their dark web data leak site, accompanied by a detailed summary of the data taken from the airline’s systems.
BianLian stated that they acquired technical and operational data ranging from 2008 to 2023. This data includes information about Air Canada’s technical and security issues, SQL backups, employee personal data, information related to vendors and suppliers, confidential documents, and data compilations from the company’s databases.
According to the cybercrime group, the personal details of employees represent only a minor portion of the data Air Canada lost control of. The group highlighted the availability of SQL databases covering the company’s technical and security matters, emphasizing that backup copies of this data can be found on their website.
BianLian has targeted critical infrastructure organizations in the U.S. and Australia since June 2022. By January 2023 the group had shifted to extortion-only activity, after Avast released a decryption tool for their ransomware.
In a statement to BleepingComputer, Air Canada acknowledged being informed of BianLian’s extortion threats. However, the airline declined to confirm the claims about BianLian’s involvement in the data breach.
An Air Canada representative commented on the group’s potential tactics to manipulate media for their extortion endeavors. The airline emphasized its choice to remain silent on speculative statements from such groups and urged the media to maintain responsible reporting.
The Canadian airline has not shared details such as the number of employees impacted, the exact date of the network compromise, or the date the attack was detected. However, in recent communications Air Canada advised its customers to activate SMS-based two-factor authentication for their Aeroplan accounts, emphasizing the importance of robust passwords as a countermeasure to potential unauthorized access attempts.
In a prior incident in 2018, Air Canada disclosed a security flaw that led to third parties gaining access to data for 20,000 users of its mobile application. As a precautionary move, the airline took steps to secure all 1.7 million app accounts to safeguard user data. The breach exposed details such as user names, contact information, and passport details, but the airline clarified that customer credit card information remained untouched and that the primary website’s accounts were unaffected because they were separate from the mobile application.
Recently, Spain’s third-largest airline, Air Europa, alerted its customers to take precautionary steps following a breach that potentially exposed their credit card details.