Ransomware attack on US Navy shipbuilder leaked information of nearly 17,000 people

An April ransomware attack on a company that builds ships for the U.S. Navy exposed the information of nearly 17,000 people, according to documents filed with regulators in Maine this week.

The regulatory filing comes nearly nine months after several local news outlets in Wisconsin reported that Fincantieri Marine Group — the U.S. arm of Italian shipbuilding company Fincantieri — was dealing with a ransomware attack that caused widespread production issues.

The company did not respond to requests for comment at the time but sent a statement to the United States Naval Institute (USNI) and the Green Bay Press Gazette confirming it had experienced a cybersecurity incident that caused “a temporary disruption to certain computer systems on its network.”

The company said at the time that its network security officials “immediately isolated systems and reported the incident to relevant agencies and partners."

"Fincantieri brought in additional resources to investigate the incident and to restore full functionality to the affected systems as quickly as possible,” the company told the news outlets.

On January 5, the company sent out breach notification letters explaining that on April 12, 2023, it “became aware of a cyberattack on its computer systems that included the encryption of certain files.”

“FMG promptly took steps to secure its environment and began an investigation into the nature and scope of the incident. The investigation determined that, in connection with the incident, there was unauthorized access to certain systems in FMG’s environment between April 6, 2023, and April 12, 2023, and as a result, certain data stored on its systems were subject to unauthorized acquisition,” the letters said.

“FMG then undertook a comprehensive review of the affected data to confirm what information was impacted. On November 6, 2023, FMG determined that personal information relating Maine residents was in the files at issue. The personal information involved includes name, and Social Security number.”

The company told regulators in Maine that 16,769 people had information leaked due to the ransomware attack. They are providing victims with two years of free credit monitoring services.

USNI reported in April that the shipyard builds the Navy’s Freedom-class Littoral Combat Ship and the Constellation-class guided-missile frigate. The Navy did not respond to requests for comment in April or on Friday but told USNI at the time that it was aware of the incident.

According to USNI, the attack disrupted the servers that fed information to manufacturing machines. For days, the machines responsible for welding, cutting and more were down after the servers were knocked offline.

The Green Bay Press Gazette reported that the shipyards in Marinette, Sturgeon Bay and Green Bay employ a total of about 2,300 people. The company did not respond to requests for comment about whether the 16,769 people affected included current and former employees.

Another Navy shipbuilder — Austal — confirmed that it had faced a cyberattack in December after a ransomware gang took credit for the incident.