Hackers released internal documents stolen from one of the largest US IT service providers, whose clients include various US government agencies, including the Department of Defense.
Bloomberg The leaked data, which reportedly belonged to Virginia-based Leidos Holdings, was seized by hackers during a previously reported breach that occurred at software-as-a-service company Diligent in 2022, according to the report.
The cybercrime group behind the data leak is said to be the Russia-linked Trigona ransomware gang, whose previous victims included Mexican telecommunications company Claro.
In October 2023, hacktivists from the Ukrainian Cyber Alliance announced they had taken over Trigona’s leak site and seized copies of the organization’s internal chats, data, and website source code.
Unfortunately, and perhaps not surprisingly, the disruption to cybercrime activity was only temporary.
The good news for the Pentagon (the Department of Defense is Leidos’ largest customer) is that the information stolen was not considered military sensitive and is likely mostly internal Leidos data (such as internal reviews and investigations).
Other U.S. government agencies no doubt breathing a sigh of relief include NASA and the Department of Homeland Security.
“We can confirm that this resulted from an earlier incident impacting a third-party vendor for which all required notifications were given in 2023,” a Leidos spokesperson reportedly said. “The incident did not impact our network or any sensitive customer data.”
Diligent, meanwhile, told reporters that the breach was related to a company it acquired in 2021.
Diligent said the data breach was linked to Steele Compliance Solutions and occurred in 2022, and that it notified affected customers at the time about the incident and the steps they should take.
Diligent appears to have notified Leidos on Nov. 11, 2022, about a security incident in which unauthorized parties accessed data that should have been kept secure.
“We take security very seriously and are confident that we have taken the necessary steps to ensure that the companies we acquire meet the same standards that our customers expect from Diligent products,” a Diligent spokesman said. Registry.
Of course, it’s not a good thing that data from a Pentagon IT supplier may have been leaked online, but it’s far better than having classified military documents shared online for anyone to download.
