Defense firm Elbit Systems of America discloses data breach

Elbit Systems of America, a subsidiary of defense giant Elbit Systems, disclosed a data breach after Black Basta ransomware gang claimed to have hacked it.

In late June, the Black Basta ransomware gang claimed to have hacked Elbit Systems of America, the extortion group added the name of the company to its Tor leak site. Elbit Systems of America, LLC is a U.S.-based wholly owned subsidiary of Elbit Systems Ltd., a leading global source of innovative, technology based systems for diverse defense and commercial applications.

Now the company has confirmed the data breach that took place on June 8, 2022 and impacted 369 people.

The company discovered the security breach after noticing unusual activity on its network, in response to the intrusion it shut down its systems to prevent the threat from spreading.

“On June 8, 2022, Elbit America discovered unusual activity in its network environment. Elbit America
immediately shut down its network and took steps to secure its environment. Elbit America also
engaged a leading, independent cybersecurity firm to assist Elbit America with safely restoring its
operations, to investigate the incident, and to determine if any personal information was affected as
quickly as possible.” reads the data breach notification sent to the Maine Attorney General’s office. “Through this investigation, on June 15, 2022, Elbit America learned that personal information belonging to certain employees may have been acquired without authorization. Out of an abundance of caution, Elbit America notified all employees on July 1, 2022, including four (4) Maine
residents.”

Exposed data may have included individuals’ names, addresses, Social Security numbers, dates of birth, direct deposit information, and ethnicity.

The company already notified impacted individuals and is offering them 12 months of free identity protection and credit monitoring services.

Some of the documents published by the Black Basta gang on its leak site as proof of the hack included, an audit report, confidentiality agreements, and a payroll report

Black Basta has been active since April 2022, like other ransomware operations, it implements a double-extortion attack model.  

The ransomware appends the .basta extension to the encrypted filenames and create ransom notes named readme.txt in each folder.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Elbit Systems of America)

[adrotate banner=”5″]

[adrotate banner=”13″]