Hacker roamed space tech giant Maxar‘s systems for days


Attackers with a Hong Kong-based IP address penetrated Maxar‘s defences, accessing sensitive information about the satellite maker‘s employees, the company has reported.

Maxar’s security team sniffed out the incident on October 11th, 2024, barring attackers from further roaming the space tech behemoth’s systems. However, Maxar’s breach notification letter claims that the cybercrooks likely had access to its system for one week.

The systems attacker accessed contained personal and sensitive information about Maxar’s employees, such as:

ADVERTISEMENT
  • Names
  • Home addresses
  • Social security numbers
  • Business contact information
  • Gender
  • Employment status
  • Employee numbers
  • Job titles
  • Hire dates, roles, start dates, and termination dates
  • Supervisors
  • Departments
Paulina Okunyte Ernestas Naprys Konstancija Gasaityte profile Gintaras Radauskas
Stay informed and get our latest stories on Google News

While Maxar noted that no bank account information and dates of birth were revealed, the attackers may have taken invaluable details about the company’s employees and structure. Malicious cyberbandits could exploit employee details to target them with tailor-made spearphishing attacks.

Since Maxar deals in space tech, a market segment coveted by friends and foes alike, perpetrators could sell the company’s employee details to more persistent attacker groups on the dark web.

The breach notification doesn’t indicate how many people were affected by the attack, but the nature of the information exposed suggests that past and present Maxar employees were exposed. As the company currently employs over 4,600 people, the total number of exposed individuals could be even higher.

The company told Cybernews the breach was limited to Maxar's satellite manufacturing business (Maxar Space Systems), operated out of Palo Alto, California.

"There was no operational impact. Maxar Space Systems is working with all impacted employees to provide access to identity theft and credit protection services. The employees in Maxar’s geospatial technology business (Maxar Intelligence) were not impacted by the breach. Maxar Intelligence is the business focused on satellite imaging and geospatial insights," Maxar told Cybernews.

Headquartered in Westminster, Colorado, Maxar is a leading space technology company known for Earth observation gear, radar, and in-orbit servicing satellites. The company’s revenues exceeded $1.6 billion in 2022.

ADVERTISEMENT

Maxar Space Systems, the breached subdivision of the company, claims to serve over 70 countries around the world, with 90 of its satellites in orbit every day.

Updated on November 20th [02:25 p.m. GMT] with a statement from Maxar.