Defense firm Elbit Systems of America discloses data breach

Elbit Systems of America, a subsidiary of defense giant Elbit Systems, disclosed a data breach after Black Basta ransomware gang claimed to have hacked it.

In late June, the Black Basta ransomware gang claimed to have hacked Elbit Systems of America, the extortion group added the name of the company to its Tor leak site. Elbit Systems of America, LLC is a U.S.-based wholly owned subsidiary of Elbit Systems Ltd., a leading global source of innovative, technology based systems for diverse defense and commercial applications.

Now the company has confirmed the data breach that took place on June 8, 2022 and impacted 369 people.

The company discovered the security breach after noticing unusual activity on its network, in response to the intrusion it shut down its systems to prevent the threat from spreading.

“On June 8, 2022, Elbit America discovered unusual activity in its network environment. Elbit America
immediately shut down its network and took steps to secure its environment. Elbit America also
engaged a leading, independent cybersecurity firm to assist Elbit America with safely restoring its
operations, to investigate the incident, and to determine if any personal information was affected as
quickly as possible.” reads the data breach notification sent to the Maine Attorney General’s office. “Through this investigation, on June 15, 2022, Elbit America learned that personal information belonging to certain employees may have been acquired without authorization. Out of an abundance of caution, Elbit America notified all employees on July 1, 2022, including four (4) Maine
residents.”

Exposed data may have included individuals’ names, addresses, Social Security numbers, dates of birth, direct deposit information, and ethnicity.

The company already notified impacted individuals and is offering them 12 months of free identity protection and credit monitoring services.

Some of the documents published by the Black Basta gang on its leak site as proof of the hack included, an audit report, confidentiality agreements, and a payroll report

Black Basta has been active since April 2022, like other ransomware operations, it implements a double-extortion attack model.

The ransomware appends the .basta extension to the encrypted filenames and create ransom notes named readme.txt in each folder.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Elbit Systems of America)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.