US Defense Contractor Experiences Data Breach
Table of Contents
- By David Lukic
- Published: Dec 08, 2021
- Last Updated: Mar 18, 2022
Electronic Warfare Associates (EWA), a US government defense contractor, has disclosed that a data breach hit it following an email phishing incident. The company has a long list of high-profile clients such as the Defense Advanced Research Projects Agency (DARPA), the Department of Defense (DOD) – Office of the Secretary of Defense (OSD), Department of Homeland Security (DHS), Department of the Navy (USN), Department of the Air Force (USAF), Department of the Army (USA), Unified Military Commands, and the Department of Justice (DOJ).
What Happened?
On the 4th of November, the Virginia-based company sent letters to parties affected by the breach, informing them that their personal identifiable information like names, social security number, and driver’s license number had been downloaded by threat actors. The company confirmed that the attackers had not yet used the information for any malicious purposes at the time of the disclosure.
How Did EWA Find Out?
In the circulated letter, EWA stated that the breach incident had occurred through email phishing since the 2nd of August. However, the unauthorized actor had remained undetected in the company network and was able to successfully exfiltrate some of the company data, including the information mentioned above.
They went unnoticed until they had attempted wire fraud recently. This was what had alerted the company’s security system and led to an extensive investigation into the breach.
How Was The Situation Handled?
The defense company hired an experienced third-party forensics firm and sought outside counsel during the investigation. After they discovered that the threat actors had stolen some personal information, they contacted the affected individuals. The company wrote in their letter that they
“...have no reason to believe the purpose of the infiltration was to obtain personal information.”
Despite that, they offered the impacted persons free fraud detection and identity theft protection through Equifax’s Complete Premier services at no charge for two years.
“We encourage you to remain vigilant, including by reviewing your credit reports and financial account statements closely. We also recommend that you pay close attention to any suspicious activity that could be related to identity theft, including communications from the IRS…”
concludes the disclosure.
What's Being Done About US Defense-related Breaches?
This is not the first time a company connected to the defense of the nation has been attacked by cybercriminals. EWA has previously suffered a ransomware attack in January 2020. It was infected by Ryuk ransomware that crippled a significant portion of their systems, including their Web servers.
Another defense agency that handles secure communications for the government, Defense Information Systems Agency (DISA) had also been hit by a breach in February last year. They reported that social security numbers and personal information in their network may have been compromised, although they did not share the extent.
The most widespread intrusion happened with the SolarWind attacks last year. This breach affected multiple agencies connected to the US government including Centers for Disease Control and Prevention, the State Department, the Justice Department, parts of the Pentagon and a number of utility companies. More recently, the US State Department was hit by a cyber attack in August although they did not experience any disruptions to their operations.
The government has taken certain measures to curb these continual attacks. President Biden's cybersecurity executive order was issued in May to strengthen cyber security in the nation, improve cyberattack response and encourage threat intelligence sharing. The order has specifications for IT service providers that work or intend to work with the US government.
The Cybersecurity Maturity Model Certification (CMMC) is a security framework developed by the Department of Defense (DoD) to enhance the protection of the defense sector. The primary aim of the CMMC is to assure the DoD that an agency holding federal contracts has the necessary measures in place to protect Controlled Unclassified Information (CUI) and Federal Contract Information (FCI), and can account for the flow of that information.
