Cyber Incident Victim: Solairus Aviation

Solairus Aviation, a private aviation services provider, experienced a data breach involving unauthorized access to sensitive employee and customer information due to a security incident at its third-party vendor, Avianis. Avianis, which hosted Solairus’s flight scheduling and tracking system on its Microsoft Azure cloud platform, notified Solairus in December 2020 about an intrusion into its environment. An investigation confirmed that an unknown party accessed Solairus data stored within Avianis’s compromised infrastructure. The breach timeline indicates the intrusion occurred on or around December 1, 2020, with Avianis detecting and reporting it to Solairus that same month. Solairus publicly disclosed the incident on March 23, 2021, after completing its investigation into the scope of the compromise.

The compromised data included employee and client names, dates of birth, Social Security numbers, driver’s license numbers, passport numbers, and financial account numbers. Solairus initiated notifications to affected individuals but acknowledged it lacked current addresses for all potentially impacted parties. The company advised both employees and clients to monitor financial accounts for unauthorized activity and contact their financial institutions if suspicious transactions occurred. No evidence suggested misuse of the exposed data at the time of Solairus’s announcement. The breach originated solely within Avianis’s Azure environment, with no indication of direct compromise to Solairus’s internal systems. Solairus expressed regret for the incident and emphasized its commitment to community security and privacy, though it did not detail specific remediation measures taken beyond individual notifications and public disclosure. The incident highlighted supply chain risks associated with third-party aviation technology providers.