Yesterday, Boeing submitted a Form 8-K to the U.S. Securities and Exchange Commission outlining the impact of a “cybersecurity incident” affecting subsidiary Jeppesen. In early November, Jeppesen warned customers via its website that it is “currently experiencing technical issues with some of our products, services, and communications channels.”
In a statement provided to AIN shortly after the incident began, Boeing said, “There has been some flight planning disruption, but at this time we have no reason to believe that this incident poses a threat to aircraft or flight safety.” Jeppesen's notam feed was also disrupted.
In the Form 8-K, Boeing explained, “…we promptly notified law enforcement and regulatory authorities and customers, launched an investigation, and took additional steps to protect the integrity of our systems.”
While Boeing will not confirm that the incident was a ransomware attack, the Form 8-K noted: “During the investigation, we learned that the criminal ransomware actor claims to have stolen information from Jeppesen systems. We continue to work with outside forensic firms, customers, and relevant authorities to mitigate any potential impacts, including any possible release of personally identifiable information.
“We continue to be confident that this incident poses no risk to flight safety, and we believe that it has not had a material impact on either Jeppesen’s business operations or Boeing’s business prospects or financial results.”