Key Elements of Cybersecurity: A Comprehensive Guide
November 27, 2024
Satellite manufacturer Maxar Space Systems has revealed a data breach affecting the personal information of its employees. The company is informing its workforce that their personal details were compromised in an October 2024 data incident.
This occurrence, the firm states, was identified on October 11, leading to an immediate response to prevent unauthorized access to its systems. However, the investigation into the situation uncovered that a malicious actor had infiltrated Maxar’s network for approximately one week prior to the discovery of the data breach.
During this interval, the company reports, the malicious actor accessed one system “containing certain documents with worker personal data.” The potentially compromised information, according to the company, encompasses names, addresses, gender, Social Security numbers, business phone numbers, and additional business contact details, employment status, job titles, supervisors, departments, and other employment-related information.
“These files did not include any bank account information or dates of birth,” the company stated in the notification letter to the affected individuals, a copy of which was submitted to the California Attorney General’s Office.
The firm is offering the impacted individuals free identity protection services (only one year of service is provided to former employees) and encourages them to monitor their financial accounts.
Maxar asserts it has rectified “the circumstances that permitted the hacker’s unauthorized access” and that “a hacker using a Hong Kong-based IP address” was responsible for the data breach, but did not disclose further details on the incident or the number of affected individuals.
In response to a SecurityWeek inquiry, Maxar clarified that the data breach was confined to Maxar Space Systems, its satellite manufacturing division operating from Palo Alto, California, and that the hacker accessed a single host on an external demilitarized network that was not linked to the company’s internal network.
The incident, Maxar affirmed, had no operational ramifications and only impacted the personal information of a select group of employees, who were provided access to identity theft and credit protection services. Employees of Maxar Intelligence, the company’s geospatial technology division focused on satellite imaging and geospatial insights, were not affected by the data breach.
