Cyber Incident Victim: Huntington Ingalls Industries

Huntington Ingalls Industries, Inc. (HII) experienced a data breach involving unauthorized access to its computer network between March 2022 and May 2022. The company, a major military shipbuilder based in Newport News, Virginia, discovered that an unaffiliated third party gained access to certain file storage systems during this period. HII’s subsequent investigation confirmed that the compromised files contained sensitive consumer information. The breach exposed a wide range of personal data, including names, Social Security numbers, phone numbers, credit and debit card numbers, dates of birth, driver’s license numbers, passport numbers, financial account information, routing numbers, health insurance details, and medical information. The incident affected 43,643 individuals, as reported in HII’s official filing with the Maine Attorney General.

On April 18, 2023, over a year after the initial unauthorized access, HII formally notified the Maine Attorney General of the breach and initiated consumer notifications. The company conducted a review of the affected files to identify the specific information compromised and the impacted individuals. Data breach notification letters were sent to all affected consumers, advising them of the exposure of their sensitive information. HII did not disclose the exact method of unauthorized access or whether the breach involved malware, phishing, or external threat actors. The compromised data types created significant risks for identity theft and financial fraud against victims. Huntington Ingalls Industries, which employs over 43,000 people and generates approximately $10.5 billion in annual revenue, did not report operational disruptions to its shipbuilding or infrastructure services as part of the incident disclosure. The breach highlighted vulnerabilities in the storage systems containing consumer data but did not reference impacts on U.S. military contracts or classified systems.