23 February: Montreal, Canada

Bombardier suffered a limited cybersecurity breach, the company said in a press release. An unauthorized party accessed and extracted data by exploiting a vulnerability affecting a third-party file-transfer application, which was running on purpose-built servers isolated from the main Bombardier IT network, the company said. The company initiated a response protocol upon detection of the data security incident. As part of its investigation, Bombardier sought the services of cybersecurity and forensic professionals who provided external confirmation that the company’s security controls were effective in limiting the scope and extent of the incident. Approximately 130 employees located in Costa Rica were impacted having personal and other confidential information relating to employees, customers and suppliers compromised.