Electronic Warfare Associates (EWA), a US defense contractor, has confirmed a data breach in which attackers exfiltrated files containing personal information.
The breach began with a phishing attack that had "some limited impact" on EWA email accounts, officials report in a notification letter. Their investigation determined an attacker broke into EWA email accounts on Aug. 2, 2021; the organization learned of the attack when the intruder attempted wire fraud.
"We have no reason to believe the purpose of the infiltration was to obtain personal information," the notification states. "Nevertheless, the threat actor's activities did result in the exfiltration of files with certain personal information."
The investigation found names, Social Security Numbers, and/or driver's license number in the downloaded files.
Read more details here.