US-based aerospace company Maxar Space Systems has confirmed a cybersecurity breach that exposed sensitive employee data. The breach occurred in early October 2024, with hackers gaining unauthorized access to the company's network roughly a week before the intrusion was discovered on October 11. According to Maxar, the attack originated from a Hong Kong-based IP address.
“Our information security team discovered that a hacker using a Hong Kong-based IP address targeted and accessed a Maxar system containing certain files with employee personal data,” the company said. “When we discovered this on October 11, 2024, we took immediate action to protect further unauthorized access to the system. Nevertheless, according to our investigation, the hacker likely had access to the files on the system for approximately one week before this action was taken.”
The compromised system contained detailed information about Maxar employees, including: name, home address, social security number, business contact information, gender, employment status, employee number, job title, hire/termination dates and role start dates, supervisor details, department.
Maxar said that no bank account or financial information was exposed during the breach.
Upon discovering the intrusion, Maxar implemented measures to contain the breach and prevent further unauthorized access. The company has since launched an internal investigation and is working with cybersecurity experts to understand the full scope of the incident.