Cyber Incident Victim: Electronic Warfare Associates
Date:
Aug 2021
Location:
United States of America
Summary
Electronic Warfare Associates (EWA), a U.S. defense contractor serving military and government agencies, experienced a data breach where attackers compromised its email system, exfiltrating files containing personal information including names, Social Security numbers, and driver’s licenses. The intrusion was detected during an attempted wire fraud, which may have been a diversionary tactic. The breach potentially exposed sensitive military technology secrets due to the firm’s role in developing classified defense systems. In response, the company offered affected individuals identity theft protection services. This incident follows a prior ransomware attack on the organization.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On August 2, 2021, a threat actor infiltrated the email systems of Electronic Warfare Associates (EWA), a U.S. defense contractor specializing in communication, access control, simulation, and military technology solutions. The breach was initially detected when the attacker attempted wire fraud using the compromised email account, prompting EWA’s investigation. Forensic analysis confirmed the unauthorized access resulted in data exfiltration, including files containing personal information of affected individuals. Specifically, stolen data comprised names, Social Security numbers, and driver’s license details. EWA stated in its notification to the Montana Attorney General’s office that wire fraud appeared to be the primary objective of the intrusion, with no evidence suggesting the attacker initially sought personal information. However, the exfiltration of sensitive data occurred as a direct consequence of the attacker’s activities during the breach. The scope of impacted individuals—whether limited to employees or extending to other parties—remained unclear, as did the potential theft of technical documents related to EWA’s defense projects.
In response to the incident, EWA offered affected individuals a two-year subscription to Equifax identity theft protection services and advised them to monitor credit reports and financial statements. The company did not disclose specific containment measures taken to secure its email systems post-breach. Given EWA’s role as a supplier to high-sensitivity government agencies—including the Department of Defense, Department of Justice, and Homeland Security—concerns arose about potential secondary impacts, such as compromise of military technology secrets or classified project data. The breach marked at least the second cybersecurity incident affecting EWA within two years, following a 2020 Ryuk ransomware attack. No further technical details regarding attacker attribution, intrusion methods, or additional exfiltrated data types were publicly confirmed by EWA at the time of disclosure.