Bombardier’s supply chain attack, Accellion’s latest victim
It’s beginning to feel like Groundhog Day: another day, another cyberattack. Although the breach was said to have affected ‘less than 50 customers,’ and Accellion fixed the zero-day vulnerability within 72 hours, the impacts are still being felt two weeks after disclosure.
Canadian plane maker Bombardier confirmed yesterday that it had suffered a “limited” security breach.
“Forensic analysis revealed that personal and other confidential information relating to employees, customers and suppliers was compromised,” the firm said in a statement. “Approximately 130 employees located in Costa Rica were impacted. Bombardier has been proactively contacting customers and other external stakeholders whose data was potentially compromised.
“The ongoing investigation indicates that the unauthorised access was limited solely to data stored on the specific servers. Manufacturing and customer support operations have not been impacted or interrupted.
“Bombardier can also confirm the company was not specifically targeted – the vulnerability impacted multiple organisations using the application. Bombardier will continue to assess the situation and stay in close contact with its clients, suppliers and employees, as well as other stakeholders.”
“Accellion has patched all known FTA vulnerabilities exploited by the threat actors and has added new monitoring and alerting capabilities to flag anomalies associated with these attack vectors,” confirmed Accellion in a press release.
Accellion said it had identified two distinct groups of affected FTA users. Out of 300 clients, fewer than 100 were attack victims and fewer than 25 are known to have suffered any data loss. The Reserve Bank of New Zealand, Singaporean telco Singtel and law firm Jones Day are among those to have had data stolen by the same group said to be responsible for the Accellion attack.
“The fallout from the Accellion-centered breach continues, purportedly this time with Bombardier. The takeaways should be pretty clear to people keeping score. Always keep software up-to-date or replace it with next-generation software that’s supported by the vendor,” said Trevor Morgan, product manager with data security specialists comforte AG in a statement.
Canoo Awards Manufacturing Contract to VDL Nedcar
Canoo, a trailblazing company in the electric vehicle (EV) manufacturing industry, has officially announced owned and contract manufacturing plans that will ensure the company manages to deliver on its promise to consumers of production and delivery of vehicles in Q4 2022.
During the company’s first Investor Relations Day, Chairman & CEO of Canoo, Tony Aquila, named VDL Nedcar as its contract manufacturing partner. VDL Nedcar, which I’m sure many of you will already have heard of, is the only independent Vehicle Contract Manufacturer in the Netherlands and has enjoyed fifty years of growth under owners, including Mitsubishi Motors and Volvo cars. According to the report, Nedcar will manufacture the Lifestyle Vehicle for the United States and European Union markets, while Canoo builds a US-based mega micro-factory.
"We conducted an exhaustive search, invested significant amounts of time and resources that span the globe, in our search for our Phase 1 contract manufacturer. VDL Nedcar is the right partner," said Tony Aquila, Investor, Chairman and CEO of Canoo, Inc. "They are the top trusted European manufacturer building high-quality products for leading OEMs, and they significantly outcompeted the other contenders. VDL is also independently owned by the van der Leegte family of entrepreneurs - which aligns with our commitment to support businesses that form the backbone of communities. This strategic partnership will enable us to deliver vehicles to market while we build our Phase 2 factory in Oklahoma. It also strongly positions us for geographic expansion in Europe and builds a lasting relationship with VDL Groep of companies. Our investment will help us scale quickly and fulfil our mission to bring affordable, purpose-built EVs to Everyone."
Canoo and VDL have already gotten to work on vehicle manufacturability and production planning so that Canoo can successfully lay the groundwork for its upcoming US manufacturing operations expansion, which will be completed in Oklahoma in 2022. The Nedcar facility is currently expected to produce around 1000 units for both the US and European markets in 2022, with an additional 15000 targeted for the following year.
"Canoo's bold approach to designing and building electric vehicles makes them an ideal partner as we work together to shape the future of mobility," said John van Soerland, CEO of VDL Nedcar. "This partnership advances our strategic vision to provide a contract manufacturing solution and expand our expertise in the EV arena."
Currently, Canoo is entering its GAMMA phase of development and is on track to start production soon. The company intends and expects to launch its Lifestyle Vehicle in Q4 2022, closely followed by the Multi-Purpose Delivery Vehicle and Pickup Truck.
Watch this space.