Hackers breached U.S. satellite maker Maxar Space Systems and accessed personal data belonging to its employees, the company informs in a notification to impacted individuals.

The threat actor compromised the company network about a week before the discovery of the intrusion.

Immediately after discovering the unauthorized access, the company took action to prevent the hackers from reaching further into the system.

“Our information security team discovered that a hacker using a Hong Kong-based IP address targeted and accessed a Maxar system containing certain files with employee personal data,” reads the data breach notification.

“When we discovered this on October 11, 2024, we took immediate action to protect further unauthorized access to the system. Nevertheless, according to our investigation, the hacker likely had access to the files on the system for approximately one week before this action was taken,” the company informs.

Maxar Space Systems is a major player in the American aerospace industry, considered an expert in building communicatin and Earth observation satellites.

The Colorado-based company has built more than 80 satelliets that are currently on orbit, and its technology has contributed to space exploration. The Maxar 1300 platform played a key part for the success of NASA’s Psyche mission and its power and propulsion elements were used for the Artemis Moon exploration program.

Maxar Space Systems says that the attacker likely has access to a system that contained the following employee information:

• Name
• Home address
• Social security number
• Business contact information
• Gender
• Employment status
• Employee number
• Job title
• Hire/termination and role start dates
• Supervisor
• Department

The company clarified that no bank account information was exposed in the cybersecurity incident.

Current employees impacted by the incident are offered IDShield indentity protection and credit monitoring services, while former employees have until mid-February 2025 to enroll in identity theft protection services from IDX.

Although the data breach disclosure notifies of personal data for employees being exposed, in some cases such compromises also impact proprietary technical data.

On a related note, a threat actor claimed in July to have scraped the user base of GeoHIVE, a geospatial intelligence platform by Maxar Technologies, the parent company of Maxar Space Systems.

BleepingComputer has contacted Maxar Technologies to ask about the possibility of confidential technology data exposure and a possible link to the scraping incident, but a comment wasn’t immediately available.