Cyber Incident Victim: Avianis

Solairus Aviation, a private aviation services provider, disclosed a data breach on March 23, 2021, stemming from a security incident at its third-party vendor Avianis. Avianis, which provided an aviation business management platform hosting Solairus’s flight scheduling and tracking system on Microsoft Azure, notified Solairus in December 2020 about an intrusion into its cloud environment. An investigation confirmed unauthorized access to Solairus data stored within Avianis’s compromised infrastructure. The exposed information potentially included employee and client names, dates of birth, Social Security numbers, driver’s license numbers, passport numbers, and financial account numbers. Solairus stated it lacked current addresses for all affected individuals, complicating notification efforts. The company acknowledged the breach’s potential to cause inconvenience or concern but emphasized its commitment to security and privacy.

Solairus initiated direct notifications to confirmed impacted parties following the investigation’s conclusion. The firm advised both employees and clients to monitor financial accounts for unauthorized activity and report suspicious transactions to their financial institutions immediately. No specifics regarding the intrusion method, attacker identity, or exact data exfiltration scope were disclosed. The incident highlighted risks associated with third-party cloud hosting dependencies in aviation operations. Solairus did not detail remediation steps taken with Avianis or any operational disruptions caused by the breach. Its public statement focused on breach acknowledgment, data sensitivity, and individual vigilance recommendations without addressing systemic security changes or legal repercussions.