MAG Aerospace reported that attackers accessed a limited set of employee personal data after the company detected suspicious activity in its network in August 2025. The defence contractor provides intelligence, surveillance and reconnaissance services to military clients. The company stated that internal systems recorded activity that appeared inconsistent with normal operations. This prompted an immediate technical and security response intended to contain the incident and prevent further access to internal resources.
The company said it quarantined affected assets and disabled accounts and domains that appeared to have been compromised. It also blocked network access associated with the intrusion and required password resets for accounts that might have been affected. According to the disclosure, these containment measures were implemented as soon as the activity was detected. Law enforcement agencies were notified, and an external forensic investigation began. The company said the aim of the inquiry was to determine the scope of the incident, identify the nature of the compromised data and assess the actions taken by the attackers inside the network.
Investigators concluded that a limited set of electronically stored personal information was accessed during the intrusion. MAG Aerospace stated that the review did not find evidence of misuse of the compromised data. The company did not specify the categories of personal information involved; however, the disclosure indicates that the affected data pertains to employees. MAG Aerospace said it remains in contact with investigators and will continue to monitor for any indication that the information has been used for fraudulent activity.
The company is offering 24 months of free identity theft protection and fraud detection services to individuals who may have been affected. It stated that the service is being provided out of caution and is intended to support employees who may face risks associated with the exposure of personal data. The company encouraged the individuals concerned to enrol in the service and to remain attentive to any irregular activity involving their financial or online accounts.
The disclosed information indicates that the company treated the incident as a significant security matter. The description of immediate containment steps suggests that the company aimed to prevent continued access rather than assume the intrusion was isolated. The forensic analysis was presented as independent and intended to provide clarity on the nature of the breach. MAG Aerospace did not report any service disruption or operational impact, but focused the disclosure on the exposure of employee information.
The statement that no evidence of misuse had been identified is limited to the time of the disclosure. The offer of identity theft protection indicates recognition that risks can emerge months or years after personal data has been exposed. The company did not describe the method used to gain access or the identity of the attackers. There was no indication in the disclosure that classified or operational defence information was affected. The focus remained on personal information stored within internal systems.
Employees affected by the incident were advised to review any notifications provided by the company and to make use of the identity protection service. Individuals were encouraged to monitor financial statements and account activity. They may also review credit reports to identify any unfamiliar entries. MAG Aerospace said it remains committed to maintaining security controls and will continue to participate in the investigation. The company said it intends to provide further updates if new information becomes available.