General Dynamics hit by phishing attack, exposes employee benefits accounts

General Dynamics, an aerospace and defense company was hit by a targeted phishing attack that resulted in the compromise of employee benefits accounts at a third party provider Fidelity.

The incident was discovered on October 10, 2024. The threat actors executed a phishing attack by running a fraudulent advertising campaign that directed General Dynamics employees to a phishing website.

General Dynamics launched an investigation, suspended access to the affected service, notified impacted employees and is working with law enforcement and the third-party service provider.

Employees were deceived into entering their credentials on this false third-party login site, which allowed the attackers to gain authenticated access to the Fidelity NetBenefits accounts through the Employee Self Service portal. Exposed data types include:

• Full names
• Dates of birth
• Government-issued identification numbers
• Social Security numbers
• Bank account information
• Disability status

The incident affected 37 individuals. In some cases, the attackers modified bank account information within the compromised accounts. General Dynamics is providing two years of free credit monitoring to affected individuals

The company advised affected individuals to reset their Fidelity account login credentials and avoid reusing these credentials for other accounts. General Dynamics emphasized that this incident did not affect the company's operations or its ability to serve clients.