MAG Aerospace Confirms Data Breach Impacting Over 4,000 Employees

MAG Aerospace, a U.S. defense contractor, reported that a data breach earlier this year compromised the personal information of over 4,000 employees.

 

Headquartered in Fairfax, Virginia, MAG Aerospace is a U.S. defense contractor specialising in C5ISR solutions, including manned and unmanned aircraft operations, training, and technical services for government, international, and commercial clients. The company focuses on real-time situational awareness and multi-domain operations, integrating advanced technologies across air, land, maritime, space, and cyberspace, and leveraging veteran expertise to manage complex defense systems.

 

In a data security incident notice filed with the Office of Maine Attorney General, MAG Aerospace said that on August 30, it identified unauthorised access within its internal network. The company immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident.

 

It also took steps to secure the affected systems and notified relevant law enforcement authorities about the same.

 

“Based on our in-depth investigation to date, supported by our external experts, it appears that an unknown third-party gained unauthorised access to a limited set of electronically stored personal information between August 30, 2025 and August 31, 2025,” MAG Aerospace said.

 

The compromised data included names and other personal identifiers including Social Security Numbers. The filing with the Maine state regulator’s office also states thatMAG Aerospace have identified at least 4,280 employees affected by the incident.

 

“We took measures to contain the incident, including quarantining assets, disabling affected accounts and domains, blocking access to our network, and resetting passwords for affected accounts. We also contacted law enforcement, and have been working with them since,” the company added.

 

While MAG Aerospace found no evidence of the compromise data being misused, it has advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and the state attorney general. 

 

It has also offered two years of complimentary identity protection and credit monitoring services through Experian IdentityWorks to all affected individuals.

 

At the time of publishing, no known hacker group claimed responsibility for the cyber attack on MAG Aerospace. The organisation also did not share details on who was behind the attack, how much data was compromised, or whether it has received a ransom demand.