Hackers have leaked sensitive internal documents from Leidos Holdings Inc., one of the largest IT services providers for the U.S. government. This breach, reported by Bloomberg News, is tied to a vulnerability in a Diligent Corp. system that Leidos utilized for hosting crucial internal investigation data. The Virginia-based company, a significant contractor for the U.S. Department of Defense, has initiated a thorough internal investigation to assess the extent of the damage. The leaked documents are related to internal investigations within Leidos and could have far-reaching implications for the company’s operations and its government contracts.
Diligent Corp. has confirmed that the leak is connected to a 2022 cyberattack on Steele Compliance Solutions, a subsidiary acquired by Diligent in 2021. At the time of the breach, Steele Compliance Solutions had a limited customer base of fewer than 15 clients, including Leidos. This connection points to the vulnerabilities inherent in third-party services and highlights the risks associated with managing sensitive information through external systems. The compromised Diligent system was used by Leidos to store and manage critical data, amplifying the breach’s potential impact.
Leidos, known for its extensive work with the U.S. Department of Defense and other government entities, has not yet responded to requests for comment from Reuters. The lack of immediate comment underscores the sensitivity of the situation and the potential implications for national security. The leaked documents, which include details of internal investigations and operational data, could provide adversaries with valuable insights into Leidos’ activities and, by extension, its work with government clients. This situation not only raises concerns about the specific breach but also about the broader risks associated with third-party service providers in sensitive sectors.
Diligent Corp. has provided minimal information beyond confirming the link to the Steele Compliance Solutions breach. As investigations into the breach continue, both Leidos and Diligent are expected to release further details. The incident highlights the critical need for robust cybersecurity measures and continuous monitoring of third-party risks. Organizations must remain vigilant and proactive in safeguarding sensitive information against sophisticated cyber threats, ensuring that third-party services are secure and that potential vulnerabilities are promptly addressed. This breach serves as a poignant reminder of the complexities and challenges involved in protecting sensitive data in an interconnected digital landscape.