Air Canada reports data breach, exposed employee data

Air Canada, the largest airline in Canada, reported a breach where an unauthorized group gained access to its internal system, compromising the personal information of an undisclosed number of employees. The breach is characterized as a "limited" breach affecting specific records within the company.

The airline assures that the breach had no impact on their flight operations systems or their customer-facing systems, and categorically states that no customer information had been accessed or compromised during this incident.

However, details regarding when the breach occurred or when it was first discovered were not disclosed.

Air Canada informed relevant authorities about the breach and reaching out to the affected employees.

The Office of the Privacy Commissioner of Canada has received a breach report from Air Canada and is currently reviewing it to determine the appropriate steps and actions. As Air Canada is headquartered in Montreal, it is likely that the police jurisdiction in Quebec has been contacted.

Update - The BianLian extortion claims responsibility for the attack and states they have stolen 210GB of data from the network of Air Canada.
While the company stated that the breach included "limited personal information of some employees," the hackers claim that the stolen data contains extensive information.
The threat actors shared screenshots of the stolen data on their dark web data leak website. Air Canada has confirmed that they are aware of the BianLian claims, but haven't confirmed those claims.