Major U.S. aerospace and defense firm General Dynamics has confirmed having dozens of employee benefits accounts breached following a phishing attack in October, SecurityWeek reports.
Threat actors leveraged a fake advertising campaign to lure employees into providing their credentials to a phishing website, which were then utilized to infiltrate 37 employees’ Fidelity NetBenefits accounts, said General Dynamics in a filing with the Office of the Maine Attorney General.
Aside from obtaining access to individuals’ names, birthdates, Social Security numbers, other government identification numbers, and disability status, attackers were also able to modify the impacted accounts’ bank account details.
“Available evidence indicates that the instances of unauthorized access at issue were authenticated through the third party, and not directly through any GD business units. GD is not currently aware of any ongoing harm or risk to the affected employees as a result of this incident,” said the firm.
Such a development comes after Fidelity Investments disclosed having more than 100,000 clients affected by separate data breaches this year.