Attackers were able to gain access to names and modify the impacted accounts' bank account details.
Major U.S. aerospace and defence firm General Dynamics has confirmed having dozens of employee benefits accounts breached following a phishing attack in October.
According to SecurityWeek reports, threat actors leveraged a fake advertising campaign to lure employees into providing their credentials to a phishing website. These credentials were then used to infiltrate 37 employees' Fidelity NetBenefits accounts.
As well as obtaining access to individuals' names, birthdates, Social Security numbers, other government identification numbers, and disability status, attackers were also able to modify the impacted accounts' bank account details.
"Available evidence indicates that the instances of unauthorized access at issue were authenticated through the third party, and not directly through any GD business units. GD is not currently aware of any ongoing harm or risk to the affected employees as a result of this incident," said the firm in a filing with the Office of the Maine Attorney General.
Written by
Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.
