Satellite maker Maxar Space Systems is notifying its employees that their personal information was compromised in an October 2024 data breach.
The incident, the company says, was discovered on October 11, and prompted an immediate response to block unauthorized access to its systems.
However, the investigation into the matter revealed that a threat actor had access to Maxar’s network for roughly one week before the data breach was discovered.
During that time, the company says, the threat actor accessed one system “containing certain files with employee personal data”.
The potentially compromised information, the company says, includes names, addresses, gender, Social Security numbers, business phone numbers and other business contact information, employment status, job titles, supervisor, department, and other employment-related information.
“These files did not contain any bank account information or dates of birth,” the company said in the notification letter to the impacted individuals, a copy of which was submitted to the California Attorney General’s Office.
The company is providing the affected people with free identity protection services (only one year of service is offered to former employees) and encourages them to monitor their financial accounts, obtain free copies of their credit reports, and place a security freeze on their credit files.
Maxar says it has eliminated “the circumstances that allowed the hacker’s unauthorized access” and that “a hacker using a Hong Kong-based IP address” was behind the data breach, but did not share further information on the incident, nor on the number of impacted individuals.
Responding to a SecurityWeek inquiry, Maxar said that the data breach was limited to Maxar Space Systems, its satellite manufacturing business operating out of Palo Alto, California, and that the hacker accessed a single host on an external demilitarized network that was not connected to the company’s internal network.
The incident, Maxar said, had no operational impact and only affected the personal information of a group of employees, whom were provided access to identity theft and credit protection services. Employees of Maxar Intelligence, the company’s geospatial technology business that focuses on satellite imaging and geospatial insights, were not affected by the data breach.
*Updated with statement from Maxar
Related: Schneider Electric Launches Probe After Hackers Claim Theft of User Data
Related: CloudSEK Blames Hack on Another Cybersecurity Company
Related: Hackers Breach Customer Data at Michigan State Online Store
Related: Creative Software Maker Affinity Informs Customers of Forum Breach
Related: Shopping Platform PulseTV Discloses Potential Breach Impacting 200,000 People