fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

US Defense Contractor Electronic Warfare Hit by Data Breach

US Defense Contractor Electronic Warfare Hit by Data Breach

US defense contractor Electronic Warfare Associates (EWA) has disclosed a data breach after threat actors hacked their email system and stole files containing personal information.

The company claims the breach’s impact was limited but confirmed that the threat actor managed to exfiltrate files containing sensitive information.

As detailed in a notice to the Montana Attorney General’s office, EWA discovered that a threat actor took over one of their email accounts on August 2, 2021.

The firm noticed the infiltration when the hacker attempted wire fraud, which appears to be the primary goal of the actor.

Also Read: Data Storage Security Standards: What Storage Professionals Need to Know

“Based on our investigation, we determined that a threat actor infiltrated EWA email on August 2, 2021. We were made aware of the situation when the threat actor attempted wire fraud,” reads EWA’s data incident notification.

“We have no reason to believe the purpose of the infiltration was to obtain personal information. Nevertheless, the threat actor’s activities did result in the exfiltration of files with certain personal information (as described below).”

Based on the investigation that followed, it was discovered that names, social security numbers (SSNs), and the driver’s license of the notice recipients were also stolen.

As such, the wire fraud attempt may have been a distraction, which is entirely plausible for sophisticated actors who are interested in targeting highly-sensitive firms of this type.

It is unclear if the stolen information affects only the company’s employees and whether or not technical documents have also been stolen during the incident.

In response to the security lapse, the company is now offering a two-year subscription to identity theft protection services through Equifax.

Moreover, the notice urges recipients to monitor their credit reports and financial account statements closely.

A high-profile clientele

EWA is a specialist in high-tech defense hardware and software solutions for communication, access control, simulation, training, management, testing, and monitoring systems (radars).

Also Read: IT Governance Framework PDF Best Practices And Guidelines

Sample of EWA's products used by the U.S. DOD
Sample of EWA’s products used by the U.S. DOD
Source: EWA

Many of these products are made for highly sensitive customers, including the U.S. Department of Defense (Army, Navy, Air Force, DARPA, OSD), the Department of Justice, and Homeland Security (DHS).

A data breach on the firm’s email systems may have also compromised military technology secrets as EWA develops and designs these products internally.

EWA also develops commercial products through subsidiary brands like Corelis (electronic testing and analysis) and Blackhawk (debugging tools).

We have reached out to EWA asking for more details about the hacking incident and the exact impact it has on them, and we will update this post if we receive a response.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us