Cyber Incident Victim: General Dynamics

General Dynamics, Corp., a commercial entity headquartered at 11011 Sunset Hills Rd in Reston, Virginia, experienced an external system breach on October 1, 2024. The cybersecurity incident involved unauthorized hacking activity that compromised personal information belonging to 37 individuals, including two Maine residents. Attackers acquired names combined with other personal identifiers during the intrusion, though the specific data elements beyond this combination were not detailed in the notification. The breach remained undetected for nine days until its discovery on October 10, 2024. General Dynamics engaged Freshfields US LLP as outside counsel to manage breach disclosure obligations, with partner Brock Dahl serving as the designated contact for regulatory communications. The company confirmed this was its first reported breach within the preceding 12-month period, indicating no recent history of comparable incidents prior to October 2024.

Affected individuals received written notification of the breach on December 23, 2024, approximately 83 days after discovery. General Dynamics provided Maine residents with specific notification materials documented in the file "Maine_notification_materials.pdf" as part of state compliance efforts. The company offered impacted persons 24 months of complimentary credit monitoring and identity protection services through ID Watchdog, though the notification did not specify whether enrollment thresholds or activation deadlines applied to these remedies. No evidence suggested consumer reporting agency notifications were required, as the number of affected Maine residents remained below the 1,000-person threshold that triggers such mandates under state law. The breach disclosure contained no information regarding operational disruptions, financial losses, or system remediation efforts undertaken by General Dynamics following the incident's detection.