Cyber Crime
Phishing Attack Hits General Dynamics, Exposing Employee Data
Aerospace and defense giant General Dynamics has revealed that a phishing attack targeted its employees, compromising dozens of employee benefits accounts. The breach, discovered on October 10, exposed sensitive personal information, including Social Security numbers, bank account details, and government-issued IDs.
The attack began with a fraudulent advertising campaign that directed employees to a fake login portal mimicking a legitimate third-party platform. Unsuspecting employees entered their credentials, granting attackers access to their accounts. General Dynamics reported the breach to the Maine Attorney General’s Office, confirming that 37 individuals were affected.
Once inside the compromised accounts, the attackers manipulated personal data, including bank account information. General Dynamics promptly suspended access to the service upon discovering the unauthorized activity and began notifying affected employees the same day. Written notifications were sent this week to all impacted individuals.
ALSO READ : Nominations Open for FCRF Excellence Awards in Cyber Policing: Click Here for Details [Nominate for Cyber Policing Award]
The company clarified that the breach occurred through a third-party login portal and not its internal systems. “Available evidence indicates that the unauthorized access was authenticated through the third party, not directly through any General Dynamics business units,” the company stated.
To mitigate the impact, General Dynamics is offering two years of complimentary credit monitoring to affected employees. They have also urged individuals to reset their login credentials for Fidelity NetBenefits accounts and avoid reusing compromised passwords.
The phishing attack marks another incident involving Fidelity this year. Earlier, the financial services company disclosed breaches affecting over 100,000 customers across its insurance and investment platforms.
Cybersecurity experts continue to emphasize the importance of vigilance against phishing campaigns, which remain a significant threat to organizations and their employees.
