McKay, a key contractor for government infrastructure projects, has reported a large-scale data exfiltration. The breach involves internal corporate files, including technical documentation for classified government facilities.
The most significant exposure relates to Waikeria Prison. McKay was responsible for electrical systems and automation at the facility. The stolen documents include detailed schematics for security perimeters, power grids, and high-security units.
Scope of the Breach
According to preliminary analysis, the attackers gained access to an archive of project files. While the full extent is still being assessed, officials confirm that documents tied to national defense and energy sectors were also part of the compromised data.
McKay generates approximately $135.8 million in annual revenue. The company operates across shipbuilding, green energy solutions, and defense-related infrastructure.
Response and Next Steps
McKay has taken the following actions:
– Engaged an independent cybersecurity firm to investigate
– Isolated affected systems to prevent further access
– Notified government agencies that may be impacted by the leak
The company has not disclosed whether the attackers have demanded ransom or if the data has appeared on public forums.
Security Implications
This incident underscores a recurring issue in critical infrastructure protection. Contractors are often granted high-level access to sensitive systems. But their cybersecurity posture does not always match the importance of the data they hold.
For state agencies, this raises questions about how third-party vendors are vetted and monitored. For McKay, it means rebuilding trust and tightening internal security controls.
What Happens Now
Authorities are expected to review how McKay handled sensitive data and whether proper safeguards were in place. The company may also face scrutiny from government partners regarding future contracts.
The investigation is active. McKay says they will provide updates as more information is verified.
