Cyber Incident Victim: HENSOLDT SAS

HENSOLDT AG disclosed a cyber incident affecting its subsidiary HENSOLDT Nexeya France S.A.S. on August 12, 2022. The LockBit 3.0 ransomware group claimed responsibility for the attack, announcing the compromise on their leak site and threatening to release stolen data unless a ransom was paid. The attackers asserted they had exfiltrated sensitive corporate information from Nexeya France’s systems. HENSOLDT AG initiated an immediate forensic investigation involving internal cybersecurity teams and external experts to assess the scope and severity of the breach. The company concurrently notified relevant regulatory authorities, including France’s data protection agency (CNIL), in compliance with breach disclosure obligations. Operations at Nexeya France—a provider of mission-critical systems for aerospace and defense sectors—continued without interruption, as the attack did not impact production or customer-facing infrastructure.

Investigations confirmed unauthorized access to non-operational corporate IT systems, with evidence suggesting potential exposure of employee personal data. HENSOLDT AG publicly stated no classified customer projects, intellectual property, or national security-related data were compromised. The company implemented enhanced network monitoring, restricted access privileges, and deployed additional security patches across affected systems. No ransom payment was made, and HENSOLDT AG maintained communication with law enforcement agencies throughout the incident. Post-incident analyses revealed the attackers likely exploited vulnerabilities in third-party software to gain initial access. The breach resulted in no material financial impact per HENSOLDT’s subsequent financial disclosures, though remediation costs and reputational risks were acknowledged. Security protocols were reinforced across all subsidiaries to prevent similar incidents.