Defense Giant Elbit Confirms Data Breach After Ransomware Gang Claims Hack

Elbit Systems of America, a subsidiary of Israeli defense giant Elbit Systems, has confirmed suffering a data breach, a few months after a ransomware gang claimed to have hacked the company’s systems.

In a notification to the Maine Attorney General’s office, the Fort Worth, Texas-based company said the breach occurred on June 8 and it was discovered the same day. It said only 369 people are affected.

A notification sent out to impacted customers by a law firm on behalf of Elbit said it discovered the breach after noticing unusual activity on its network. The network was immediately shut down and steps were taken to secure the environment.

An investigation assisted by a cybersecurity firm revealed that the attacker may have acquired information belonging to certain employees, including name, address, social security number, date of birth, direct deposit information, and ethnicity.

Impacted individuals were notified in July and offered 12 months of free identity protection and credit monitoring services, the company said.

Elbit Systems of America provides defense, commercial aviation, homeland security, medical instrumentation, law enforcement, and sustainment and support solutions.

The Black Basta ransomware gang announced hacking Elbit Systems of America in late June. The group’s Tor-based leak website suggests that all of the files stolen from Elbit have been made public, which indicates that the defense company has refused to pay the ransom demanded by the hackers.

The Black Basta website was very slow at the time of writing and it only displayed a few documents allegedly stolen from the defense contractor, including a payroll report, an audit report, a confidentiality agreement, and a non-disclosure agreement.

SecurityWeek has reached out to Elbit for more information about the incident and will update this article if it responds.

The Black Basta ransomware operation emerged in April and cybersecurity researchers have found links to the notorious Conti group. The operation employs a double extortion strategy that involves encrypting files and stealing valuable data from compromised systems in an effort to increase its chances of getting paid. The group has become a major threat, with roughly 100 victims currently listed on the Black Basta leak website.

This is not the first time Elbit Systems of America has been targeted by hackers. In 2018, the company admitted being targeted after a hacker leaked account information allegedly stolen from its systems. At the time, however, it did not confirm an actual breach or the theft of data.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
