The regional American airline Envoy Air on Friday became the second company to confirm that information was stolen by hackers who breached their Oracle E-Business Suite application.
A spokesperson for the airline confirmed that its IT system was impacted by the recent hacking campaign allegedly launched by Russian cybercriminal group Clop. Envoy Air, a wholly-owned subsidiary of American Airlines, said a “limited amount of business information and commercial contact details may have been compromised.”
On Thursday evening, the cybercriminals claimed to have stolen an undisclosed amount of information from American Airlines, adding the company to its leak site.
An American Airlines spokesperson said the claim pertained to Envoy Air and that American Airlines itself does not use the Oracle E-Business Suite application.The parent company conducted a review over the last few weeks to confirm that the incident was related to the subsidiary, the spokesperson said.
“We are aware of the incident involving Envoy’s Oracle E-Business Suite application. Upon learning of the matter, we immediately began an investigation and law enforcement was contacted,” an Envoy Air spokesperson told Recorded Future News.
“We have conducted a thorough review of the data at issue and have confirmed no sensitive or customer data was affected.”
The spokesperson confirmed that the incident is specific to Envoy Air and said it had no impact on flight or airport ground handling operations. The company did not respond to questions about when the breach occurred or how long Clop was inside its systems.
Envoy Air has more than 20,000 employees, providing regional flight services to more than 160 destinations under the American Eagle brand and managing about 800 daily flights.
It also offers ground handling services for a number of American Airlines flights in Dallas, Chicago and Miami. The Texas-based company was formed as a consolidation of several smaller regional airlines.
On Monday, Harvard University became the first entity to confirm being impacted by the campaign. Oracle did not respond to requests for comment but incident responders at Mandiant previously said they are aware of dozens of victims, but “expect there are many more.”
Reports from Google and other security firms indicate the hackers used a variety of vulnerabilities in Oracle E-Business Suite to gain access, including at least one newly discovered bug that was added to a federal watchlist last week.
The Clop cybercriminal group initially attempted to extort corporate executives by threatening to leak sensitive information stolen through the application. Oracle confirmed the campaign but initially said the hackers were exploiting bugs that had been addressed in a July update, without specifying which vulnerabilities were being used.
FBI Assistant Director Brett Leatherman said last week that one of the bugs exploited in the campaign is a “‘stop-what-you’re-doing and patch immediately’ vulnerability.”
Recorded Future
Intelligence Cloud.
Learn more.
