Airbus warning over security breach

Plane maker admits breach of personal data, but claims that production has been unaffected

Airbus claims to have detected a "cyber incident" in its Commercial Aircraft business's IT systems, resulting in unauthorised access to data.

"This incident is being thoroughly investigated by Airbus' experts who have taken immediate and appropriate actions to reinforce existing security measures and to mitigate its potential impact, as well as determining its origins," the company said in a statement.

Some personal data was accessed - which will almost certainly result in action under the EU's General Data Protection Regulation (GDPR) - but it is unclear whether the attackers were able to access sensitive technical information as well.

"Investigations are ongoing to understand if any specific data was targeted, however we do know some personal data was accessed. This is mostly professional contact and IT identification details of some Airbus employees in Europe," the company admitted.

The motive for the attack is also not clear.

Airbus is almost certainly a daily target of industrial espionage efforts, with the company's aerospace know-how coveted by governments around the world - not just from China, where the government has an ambitious plan to break the Boeing-Airbus duopoly in civil airliners, but also the US and Germany.

In 2015, the company sued over what it claimed was a "concrete suspicion" that security services in Germany spied on the company on behalf of the US National Security Agency.

Airbus IT security ought to be better than the average organisation's. When it was developing the A380 super-jumbo it architected its IT systems, conceptually, into four concentric circles based on the sensitivity of the data and work being conducted.

Suppliers, which included companies across the world working on various elements of the A380, would only be granted access to Airbus systems to collaborate with the company after they had been thoroughly audited - a process that included visits from members of Airbus' security teams to check out their IT security.

IT security has risen even further up the corporate agenda since the development of the A380, with the company now embedding IoT devices into its products able to send telemetry information back to teams on the ground.