Hackers have managed to gain access to and steal documents from Leidos, a firm which provides IT services to a number of US government bodies including the Pentagon.
A Bloomberg report the company stating the stolen documents were taken as part of a breach of a Diligent Corp. system the company was using for information hosting in internal investigations, Leidos stated in a report on the breach.
It added the breach was the result of a previous issue in 2023 that affected a third-party vendor, with a company spokesperson saying, “We have confirmed that this stems from a previous incident affecting a third-party vendor for which all necessary notifications were made in 2023. This incident did not affect our network or any sensitive customer data.”
Another third-party supply chain issue
Leidos Holdings states that the breach was the result of a previous issue in 2023 that affected a third-party vendor, with a company spokesperson saying that “We have confirmed that this stems from a previous incident affecting a third-party vendor for which all necessary notifications were made in 2023. This incident did not affect our network or any sensitive customer data.”
A Diligent Corp. spokesperson also responded to the breach, stating that it was related to an incident that occurred in 2022, which affected Diligent subsidiary Steele Compliance Solutions. The spokesperson stated that “We promptly notified impacted customers, including Leidos which Diligent initially notified in November 2022, and took immediate corrective action to contain the incident.”
Bloomberg News was unable to verify the authenticity of the documents leaked online, and stated that details on the stolen documents were redacted. Other customers of Leidos include NASA and the US Department of Defense, among a range of US and foreign agencies.
The Pentagon was recently hit by security worries after a number of high ranking government officials had their Microsoft hosted emails leaked by a Chinese threat actor, with as many as 20,000 affected by the breach.