Pentagon IT Service Provider Hacked: U.S. Government Secrets Exposed

Leidos Holdings Inc., one of the largest IT services providers to the U.S. government, experienced a significant cybersecurity breach. Hackers leaked internal documents, raising concerns about the security of sensitive government data managed by third-party contractors.

Leidos, known for its extensive work with the Pentagon and other federal agencies, was the largest federal IT contractor in the 2022 fiscal year, with $3.98 billion in contract obligations.

The company’s clients include the Defense Department, the Department of Homeland Security, NASA, other U.S. and foreign agencies, and commercial businesses. Contracts with the U.S. government constitute 87% of Leidos’ revenue.

The leaked documents are believed to have been stolen in two breaches in 2022 of Diligent Corp., a platform Leidos used. The nature and sensitivity of the stolen documents remain unclear, but the leak underscores vulnerabilities in the cybersecurity frameworks of companies handling critical government information.

According to the Cyber Press team's investigation report, the data consists of one gigabyte of files in the following formats: zip, msg, doc, jpg, png, xls/x, and pdf. These files are associated with Leidos technical assistance and its customers.

Part one of the data set has 451 files representing credits, and part two contains 6,500 files representing bitcoins or dollars.

Claim of leaked data (Source: Cyberpress.org)

Leaked documents were found on a cybercrime forum. Bloomberg News reviewed some files but couldn’t verify their authenticity due to obscured details. The exact content and nature of these documents have not been publicly disclosed.

Document nature (Source: cyberpress.org)

Leidos recently became aware of the issue and is actively investigating the extent of the breach. The company has not yet made a public statement regarding the specifics of the leaked documents or the steps it is taking to mitigate the impact. Leidos has declined to comment on the stolen information.

The threat actor responsible for the breach has indicated plans to sell the data in two different types, further exacerbating concerns over the potential misuse of sensitive information. This incident has prompted a broader discussion on government contractors’ security measures and protocols.

The consequences of such data breaches are far-reaching, including financial losses, reputational damage, operational disruptions, and legal complications.

Cybersecurity experts warn that breaches like this can seriously damage consumer trust and make organizations face intense scrutiny from regulators and customers.

Leidos, which was formed in 2013 and later acquired Lockheed Martin Corp.’s information technology business, plays a crucial role in national security through its IT services and solutions.

The recent security breach has prompted the company to take immediate action to evaluate the extent of the damage and to strengthen its defenses against future attacks.

Guru Baran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.
