Cyber Incident Victim: Embraer

Date: Nov 2020

Location: Brazil

Summary

Embraer, a major global aircraft manufacturer, experienced a ransomware attack in which hackers infiltrated its systems and stole sensitive data. After the company refused to negotiate and restored operations from backups, the attackers leaked confidential information including employee details, business contracts, flight simulation imagery, and proprietary source code. The firm initially acknowledged the breach without confirming ransomware involvement or data theft, and it provided no further comment following the public data release.

Description

In late November 2020, Embraer, recognized as the world’s third-largest airplane manufacturer, experienced a ransomware attack compromising its internal systems. Threat actors infiltrated the company’s servers and exfiltrated sensitive data, including employee details, business contracts, flight simulation photographs, and proprietary source code. Following the breach, attackers issued a ransom demand, which Embraer declined to fulfill. Instead, the company initiated recovery procedures using backups to restore affected systems, a decision that prompted the hackers to retaliate by publicly leaking portions of the stolen data on or before December 7, 2020. The leak, first reported by ZDNet, served as confirmation of data theft—a detail Embraer had not explicitly acknowledged in its initial breach disclosure. Samples of the exposed files revealed the scope of compromised information, though the full extent of the theft remained unclear from available evidence.

Embraer formally disclosed the security incident in a press release issued the week preceding the data leak but omitted references to ransomware or data exfiltration, characterizing the event only as a breach. The company’s restoration of systems from backups indicated operational resilience but did not prevent the secondary impact of data exposure once hackers published stolen files. Post-leak, Embraer did not respond to ZDNet’s requests for comment regarding the ransomware claims or the published data samples. The incident exposed sensitive corporate and employee information, introducing risks of secondary exploitation, while the inclusion of source code in the leak raised potential intellectual property concerns. Public confirmation of data theft emerged solely through the attackers’ actions, as Embraer maintained limited transparency regarding technical specifics or adversarial motives throughout the event.
