Mercury Corp., a long-standing U.S.-based aerospace manufacturing company, has confirmed a data breach that compromised personally identifiable information (PII) of thousands of individuals. The breach occurred in mid-February 2025, and the company disclosed details in a notification letter sent to affected parties.
The firm stated that attackers were active inside its systems for approximately one day. Although brief, the unauthorized access led to exposure of sensitive personal information.
Compromised Data Includes Social Security Numbers and Driver’s Licenses
According to Mercury Corp.’s disclosure, the following categories of information were potentially exposed:
- Full names
- Home addresses
- Dates of birth
- Driver’s license numbers
- Social Security numbers (SSNs)
A report submitted by the company to the Maine Attorney General’s Office confirmed that more than 3,000 individuals were affected during the breach.
Potential Risks Following the Data Breach
While the company’s investigation is ongoing, Mercury Corp. stated:
“The incident investigation did not confirm what, if any, personal information may have been accessed or exfiltrated as a result of the incident.”
Despite that uncertainty, the nature of the compromised data heightens the risk of identity theft, fraudulent credit applications, and phishing attacks. Security experts note that even without confirmation of data theft, the exposure of such PII allows attackers to impersonate individuals or design targeted social engineering campaigns.
Background: Mercury Corp.’s Legacy in U.S. Defense and Manufacturing
Founded in the 1920s as Mercury Aircraft, the company has deep ties to the U.S. defense and aerospace industries. Historically a supplier of aircraft and components to the U.S. Army, Mercury Corp. now partners with several major organizations including IBM, Lockheed Martin, USPS, Kodak, and others.
Given the nature of its operations and clientele, the breach presents concerns for both commercial and government-related security stakeholders.
As cyberattacks targeting defense-linked manufacturers grow in frequency, this incident underscores the importance of securing PII and protecting high-value data across critical sectors. Mercury Corp. has not disclosed whether any further mitigation or notification steps are planned beyond its initial letter.
