Mercury Corp. hack exposes personal data: driver’s licenses, addresses, and social security numbers - HackYourMom

11 April 2025 2 minutes Author: Newsman

American manufacturing firm Mercury Corp. announced the leak of confidential information for more than 3,000 people after a cyberattack that occurred in February 2025. The attackers were on the system for only 24 hours, but that was enough to gain access to driver’s licenses, social security numbers, and other personal data.

In an appeal to the victims, the company noted that the attackers managed to temporarily penetrate its internal network. Although the attack lasted only a day, the hackers gained access to names, addresses, dates of birth, driver’s licenses, and social security numbers. Mercury Corp. filed an official incident report with the Maine Attorney General’s Office, confirming that the breach affected at least 3,000 people.

Although the company stated in the letter that the investigation could not establish with certainty the scale of the breach or the fact of data export, the very fact of gaining access to such sensitive PII (personally identifiable information) already poses a serious threat to victims. Cybercriminals can use this information to commit fraud: open credit accounts, file false tax returns, or conduct phishing campaigns that will be extremely convincing due to the presence of real personal data.

Mercury Corp. (formerly Mercury Aircraft) is a company with a nearly century-old history that began as a supplier of aircraft parts for the US military. Today, its partners include giants such as IBM, Lockheed Martin, USPS, and Kodak. Despite its long-standing presence in the market and cooperation with government and defense contractors, the company has found itself vulnerable to modern cyber threats.

Incident with Mercury Corp. once again demonstrates that even experienced players in the market, with a long reputation, can become victims of quick and targeted attacks. One day of an attacker’s stay in the system and thousands of people are left at risk of identity theft. Such cases should serve as an incentive for manufacturing companies to strengthen security policies, especially when it comes to the data of employees, customers and government partners.

Other related articles

New Cyber Command and NSA chief speaks calmly after Ho’s controversial resignation

The speech of the new head of Cyber Command and NSA, William Hartman, after the sudden dismissal of Tim Ho, showed that the US Senate is concerned about the possible division of the structure that has so far provided effective protection in cyberspace from China. Hartman stressed the importance of dual leadership and readiness to counter threats from the hacking groups Salt Typhoon and Volt Typhoon.

122

Moscow court fines Telegram for failing to remove anti-government content

A court in Moscow has fined Telegram 7 million rubles for refusing to remove calls for protests and terrorist attacks against the Russian authorities. The company is accused of spreading extremist content, and the platform has not yet commented. This is part of a broader confrontation between the Russian authorities and "digital services that protect freedom of speech".

143

Millions of websites affected, XSS and SQL injections are key threats to WordPress

In 2024, WordPress suffered massive attacks – XSS and SQL injections hit millions of sites, especially due to plugin vulnerabilities. Wordfence blocked over 10 billion hacking attempts, urging administrators to constantly update websites, use 2FA and avoid unverified extensions. WordPress security requires close attention, as even moderate vulnerabilities can cause serious threats.

128

Found an error?

If you find an error, take a screenshot and send it to the bot.

↑