Space tech company Maxar reports security incident involving employee data

Maxar Space Systems confirms that a threat actor was able to breach its corporate network and access personal information belonging to its employees.

According to the company’s data breach notification, the intrusion was detected on October 11th, 2024. The attacker used a Hong Kong-based IP address to access a database that contained employee files.

“When we discovered this on October 11th, 2024, we took immediate action to prevent further unauthorized access to the system. Nevertheless, according to our investigation, the hacker likely had access to the files on the system for approximately one week before this action was taken,” the satellite manufacturer says.

Although Maxar Space Systems can’t say for certain, the threat actor was most likely able to exfiltrate full names, gender, home addresses, social security numbers, business contact information, employment statuses, employee numbers, job titles, hire and termination dates, and the names of supervisors and departments.

No bank account information or dates of birth were stolen.

Maxar Space Systems has hired an external cybersecurity agency to investigate the impact and scope of the breach. The security incident has also been reported to law enforcement. Lastly, the company has implemented additional security measures to prevent recurrence.

Affected employees are asked to monitor their financial accounts for suspicious activities, They are entitled to identity protection and credit monitoring services.

Back in July, a threat actor called ‘post’ claimed he was responsible for the data breach at GeoHive Maxar Technologies, a geospatial intelligence platform by Maxar Technologies, the parent company of Maxar Space Systems.

“Their API had a vulnerability where you could see every single user’s email addresses, full names, IP addresses, phone numbers, session tokens, etc. I exploited this vulnerability to scrape as much user info as I possibly can from their website,” he wrote in a message on a hacking forum on the dark web.

It remains unclear whether or not the recent data breach and the July scrape are connected.