Internal Documents from Pentagon and NASA IT Provider ‘Leidos’ Have Reportedly Leaked

• A hacker allegedly leaked internal documents from IT giant Leidos on a cybercrime forum.
• The data comes from a previous breach and apparently does not involve sensitive client information.
• The company counts the Pentagon and NASA among its U.S. government agencies clients.

IT services provider Leidos Holdings Inc. recently became aware of its internal documents being stolen and allegedly leaked by hackers on a cybercrime forum and started investigating the data breach, as per a Bloomberg News report. The Virginia-based company works with several U.S. government agencies, including the Department of Defense.

The IT giant says this security incident did not impact the company network and sensitive customer data. However, the types of leaked documents were not disclosed. Bloomberg reviewed some of the files in the sample provided by the hacker, but the documents’ authenticity could not be verified due to details being redacted.

Still, Leidos handles the Pentagon, the Department of Homeland Security, NASA, and other U.S. government agencies, and none have commented yet.

Leidos believes the private files were exfiltrated during a previously reported third-party vendor data breach in 2022. The security incident stemmed from a Diligent Corp. software vulnerability. All necessary notifications were made in 2023, with the company filing with the Attorney General of Montana.

Diligent is a third-party service provider to Leidos and hosts the company’s enterprise case management system (ECMS), which the company uses to store information gathered in internal investigations.

According to the filing, on November 11, 2022, Diligent notified Leidos that an unauthorized party had accessed confidential information provided to Leidos starting as early as September 2022. The incident affected Diligent subsidiary Steele Compliance Solutions.