Leidos Hacked: Hackers leaked stolen internal documents from Pentagon IT provider Leidos; sensitive U.S. government documents exposed

Hackers have leaked a trove of internal documents stolen from Leidos Holdings Inc., a major IT services provider for the Pentagon, Homeland Security, NASA, and other U.S. government agencies, Bloomberg reported.

Leidos recently discovered the breach, believed to have originated from a previously disclosed compromise of a system operated by Diligent Corp., as per an anonymous source due to the sensitive nature of the information. The company is currently investigating the breach.

“Hackers have leaked internal documents stolen from Leidos Holdings Inc., one of the largest IT services providers to the US government, according to a person familiar with the matter,” Bloomberg reported.

According to another report from the Cyber Press team investigation team, the leaked data comprises one gigabyte of files in various formats, including zip, msg, doc, jpg, png, xls/x, and pdf. These files are linked to Leidos’ technical assistance and its clientele. The dataset includes 451 files relating to credits and 6,500 files associated with bitcoins or dollars.

Some of the leaked documents appeared on a cybercrime forum. While Bloomberg News has reviewed a portion of the files, it couldn’t confirm their authenticity due to the obfuscation of details. The exact content and nature of these documents remain undisclosed to the public.

Leidos acknowledged the issue, attributing the document theft to a breach of the Diligent system, initially reported in June 2023. The company is actively investigating the matter and has yet to publicly address the specifics of the leaked documents or the measures being taken to mitigate the impact. Leidos has declined to comment on the stolen information.

“Leidos recently learned of the issue and believes the documents were stolen in a previously disclosed breach of a Diligent Corp. system it used, said the person, who asked not to be identified because the information isn’t public. Leidos is investigating the issue, the person added,” Bloomberg wrote.

A spokesperson for Diligent mentioned that the issue appears related to a 2022 incident affecting its subsidiary Steele Compliance Solutions. The company informed affected customers and took corrective actions to contain the breach in November 2022.

The cybercriminal responsible for the breach has indicated plans to sell the data in two distinct categories, raising further concerns about the potential misuse of sensitive information. This incident has sparked a wider conversation about the security measures and protocols of government contractors. In a post on X, one user wrote:

“This breach has raised concerns about the security of sensitive information held by government contractors.”

https://twitter.com/LarryDJonesJr/status/1815878590241652934

Virginia-based Leidos, which was the largest federal IT contractor in the 2022 fiscal year with $3.98 billion in contract obligations, primarily serves the U.S. Department of Defense. Its clients also include the Department of Homeland Security, NASA, various U.S. and foreign agencies, and commercial businesses. Government contracts make up 87% of Leidos’ revenue.

The news of Leidos’ data leak came just a week after AT&T confirmed it suffered a significant data breach, that resulted in the unauthorized download of records from approximately 109 million customer accounts.

As cybersecurity threats continue to escalate, these incidents highlight the pressing need for robust data protection measures to safeguard sensitive information.