Attackers were able to gain access to names and modify the impacted accounts' bank account details.
Major U.S. aerospace and defence firm General Dynamics has confirmed having dozens of employee benefits accounts breached following a phishing attack in October.
According to SecurityWeek reports, threat actors leveraged a fake advertising campaign to lure employees into providing their credentials to a phishing website. These credentials were then used to infiltrate 37 employees' Fidelity NetBenefits accounts.
As well as obtaining access to individuals' names, birthdates, Social Security numbers, other government identification numbers, and disability status, attackers were also able to modify the impacted accounts' bank account details.
"Available evidence indicates that the instances of unauthorized access at issue were authenticated through the third party, and not directly through any GD business units. GD is not currently aware of any ongoing harm or risk to the affected employees as a result of this incident," said the firm in a filing with the Office of the Maine Attorney General.
Written by
Dan Raywood
Senior Editor
SC Media UK
Dan Raywood is a B2B journalist with more than 20 years of experience, including covering cybersecurity for the past 16 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Conference, BSides Scotland, Steelcon and ESET Security Days.
Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.
