author photo
By Bruce Sussman
Thu | Jan 31, 2019 | 10:47 AM PST

Airbus announced some of its systems have been breached in a cyber attack. Here are three things the company is saying so far about getting hacked.

Airbus hacking details

Airbus says the following:

  1. The hack involved its commercial aircraft business.
  2. Employee information was stolen, including professional contact and IT identification details.
  3. It is still investigating the hack's seriousness, including whether specific data was targeted.

Under GDPR, breach notification is required within 72 hours.

And as we've heard InfoSec leaders mention at SecureWorld, you may not know very much during that early time frame, other than the fact you have a cyber incident at your organization.

Complete Airbus statement on data breach

While we wait for more details, here is the complete Airbus data breach statement, or you can view a PDF of the Airbus announcement.

Airbus SE (stock exchange symbol: AIR) detected a cyber incident on Airbus “Commercial Aircraft business” information systems, which resulted in unauthorised access to data. There is no impact on Airbus’ commercial operations.

This incident is being thoroughly investigated by Airbus’ experts who have taken immediate and appropriate actions to reinforce existing security measures and to mitigate its potential impact, as well as determining its origins.

Investigations are ongoing to understand if any specific data was targeted, however, we do know some personal data was accessed. This is mostly professional contact and IT identification details of some Airbus employees in Europe.

The company is in contact with the relevant regulatory authorities and the data protection authorities pursuant to the GDPR (General Data Protection Regulation). Airbus employees are being advised to take all necessary precautions going forward.

[RELATED: GE Aviation CISO: Cybersecurity Is Part of Everything We Do]