Major space tech company says employee data stolen in cyber incident
Space technology giant Maxar Space Systems has revealed that its network was hacked by an unknown third party.
Maxar Space Systems is a Colorado-based space technology manufacturing and engineering company best known for its satellites, operating one of the largest and most advanced satellite constellations, which covers 60% of the Earth’s surface every month and collects more than 3.8 million square kilometers per day.
In a notification sent to its employees, the US-based company said the incident was discovered on October 11, but it determined that the threat actors had gained access a full week before.
“Our information security team discovered that a hacker using a Hong Kong-based IP address had targeted and accessed a Maxar system containing certain files containing personal employee data,” Maxar Space Systems said.
“When we discovered this on October 11, 2024, we took immediate action to prevent further unauthorized access to the system. However, according to our investigation, the hacker probably had access to the system files for about a week before this action was taken.”
According to the release, the system that malicious actors gained access to contained names, genders, home addresses, business contact information such as emails, telephones and addresses, Social Security numbers, employment status, employee number, department, supervisor and important onboarding information such as hire dates, role start dates and, “if applicable”, employment termination dates.
Maxar Space Systems clarified, however, that the incident did not reveal any bank account data.
Currently, Cyber Daily has not observed any malicious actors taking responsibility for the incident. The Hong Kong IP address may indicate a Hong Kong-based threat actor or simply the use of a Hong Kong-based server.
Last July, a malicious actor claimed to have exfiltrated data from Maxar’s GeoHive crowdsourcing platform.
“Today I am introducing you to the user base of GeoHive Maxar Technologies, a space technology company headquartered in Westminster, Colorado, United States,” said the threat actor “post” on a popular hacking forum.
“Their API had a vulnerability that allowed you to see each user’s email address, full name, IP address, phone numbers, sessionToken, etc. I exploited this vulnerability to recover as much user information as possible on their website.”
It’s unclear whether the most recent incident and the July scrape are linked in any way.