Ransomware attack on US Navy shipbuilder leaked information of nearly 17,000 people

Avatar

An April ransomware attack on a company that builds ships for the U.S. Navy exposed the information of nearly 17,000 people, according to documents filed with regulators in Maine this week.

The regulatory filing comes nearly nine months after several local news outlets in Wisconsin reported that Fincantieri Marine Group — the U.S. arm of Italian shipbuilding company Fincantieri — was dealing with a ransomware attack that caused widespread production issues.

The company did not respond to requests for comment at the time but sent a statement to the United States Naval Institute (USNI) and the Green Bay Press Gazette confirming it had experienced a cybersecurity incident that caused “a temporary disruption to certain computer systems on its network.”

The company said at the time that its network security officials “immediately isolated systems and reported the incident to relevant agencies and partners.”

“Fincantieri brought in additional resources to investigate the incident and to restore full functionality to the affected systems as quickly as possible,” the company told the news outlets.

On January 5, the company sent out breach notification letters explaining that on April 12, 2023, it “became aware of a cyberattack on its computer systems that included the encryption of certain files.”

“FMG promptly took steps to secure its environment and began an investigation into the nature and scope of the incident. The investigation determined that, in connection with the incident, there was unauthorized access to certain systems in FMG’s environment between April 6, 2023, and April 12, 2023, and as a result, certain data stored on its systems were subject to unauthorized acquisition,” the letters said.

“FMG then undertook a comprehensive review of the affected data to confirm what information was impacted. On November 6, 2023, FMG determined that personal information relating Maine residents was in the files at issue. The personal information involved includes name, and Social Security number.”

The company told regulators in Maine that 16,769 people had information leaked due to the ransomware attack. They are providing victims with two years of free credit monitoring services.

USNI reported in April that the shipyard builds the Navy’s Freedom-class Littoral Combat Ship and the Constellation-class guided-missile frigate. The Navy did not respond to requests for comment in April or on Friday but told USNI at the time that it was aware of the incident.

According to USNI, the attack disrupted the servers that fed information to manufacturing machines. For days, the machines responsible for welding, cutting and more were down after the servers were knocked offline.

The Green Bay Press Gazette reported that the shipyards in Marinette, Sturgeon Bay and Green Bay employ a total of about 2,300 people. The company did not respond to requests for comment about whether the 16,769 people affected included current and former employees.

Another Navy shipbuilder — Austal — confirmed that it had faced a cyberattack in December after a ransomware gang took credit for the incident.

CybercrimeIndustryNews
Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

No previous article

No new articles

Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.

 

Total
0
Shares
Leave a Reply

Your email address will not be published. Required fields are marked *

Previous Post

The nature of bug bounty programs is changing, and their ‘auntie’ is worried

Next Post

Ransomware gang targets nonprofit providing clean water to world’s poorest

Related Posts

Hackers Created Rogue VMs to Evade Detection in Recent MITRE Cyber Attack

The MITRE Corporation has revealed that the cyber attack targeting the not-for-profit company towards late December 2023 by exploiting zero-day flaws in Ivanti Connect Secure (ICS) involved the threat actor creating rogue virtual machines (VMs) within its VMware environment. "The adversary created their own rogue VMs within the VMware environment, leveraging compromised vCenter Server access,"
Avatar
Read More