Connect with us

Hi, what are you looking for?



Defense Giant Elbit Confirms Data Breach After Ransomware Gang Claims Hack

Elbit Systems of America, a subsidiary of Israeli defense giant Elbit Systems, has confirmed suffering a data breach, a few months after a ransomware gang claimed to have hacked the company’s systems.

Elbit Systems of America, a subsidiary of Israeli defense giant Elbit Systems, has confirmed suffering a data breach, a few months after a ransomware gang claimed to have hacked the company’s systems.

In a notification to the Maine Attorney General’s office, the Fort Worth, Texas-based company said the breach occurred on June 8 and it was discovered the same day. It said only 369 people are affected.

A notification sent out to impacted customers by a law firm on behalf of Elbit said it discovered the breach after noticing unusual activity on its network. The network was immediately shut down and steps were taken to secure the environment.

An investigation assisted by a cybersecurity firm revealed that the attacker may have acquired information belonging to certain employees, including name, address, social security number, date of birth, direct deposit information, and ethnicity.

Impacted individuals were notified in July and offered 12 months of free identity protection and credit monitoring services, the company said.

Elbit Systems of America provides defense, commercial aviation, homeland security, medical instrumentation, law enforcement, and sustainment and support solutions.

The Black Basta ransomware gang announced hacking Elbit Systems of America in late June. The group’s Tor-based leak website suggests that all of the files stolen from Elbit have been made public, which indicates that the defense company has refused to pay the ransom demanded by the hackers.

Advertisement. Scroll to continue reading.

The Black Basta website was very slow at the time of writing and it only displayed a few documents allegedly stolen from the defense contractor, including a payroll report, an audit report, a confidentiality agreement, and a non-disclosure agreement.

Elbit hacked by Black Basta ransomware

SecurityWeek has reached out to Elbit for more information about the incident and will update this article if it responds.

The Black Basta ransomware operation emerged in April and cybersecurity researchers have found links to the notorious Conti group. The operation employs a double extortion strategy that involves encrypting files and stealing valuable data from compromised systems in an effort to increase its chances of getting paid. The group has become a major threat, with roughly 100 victims currently listed on the Black Basta leak website.

This is not the first time Elbit Systems of America has been targeted by hackers. In 2018, the company admitted being targeted after a hacker leaked account information allegedly stolen from its systems. At the time, however, it did not confirm an actual breach or the theft of data.

Related: Sophisticated Threat Actor Targets Governments, Defense Industry in Western Asia

Related: Number of Ransomware Attacks on Industrial Orgs Drops Following Conti Shutdown

Related: US Government Shares Photo of Alleged Conti Ransomware Associate

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Artificial Intelligence

The degree of danger that may be introduced when adversaries start to use AI as an effective weapon of attack rather than a tool...