Hackers have compromised sensitive documents stolen from a major American IT company supplier, whose client list includes several U.S. government agencies, including the Department of Defense.
The sensitive data belonging to Virginia-based Leidos Holdings was compromised when hackers exploited a vulnerability at software-as-a-service provider Diligent during a reported breach in 2022.
Allegedly linked to Russia, the notorious Trigona ransomware group has been implicated in a massive data leak, following a pattern of attacks that previously targeted prominent firms like Mexico’s Claro telecommunications company.
In October 2023, Ukrainian Cyber Alliance hackers claimed to have successfully infiltrated Trigona’s leak website, gaining access to sensitive materials including internal chats, confidential data, and the site’s underlying code.
Regrettably, the cybercriminal organization’s activities were merely temporarily interrupted, suggesting a lasting impact remained elusive.
A major relief for the Pentagon, which is Leidos’s biggest customer, as it appears that the compromised data primarily consists of internal company information akin to confidential reports and findings rather than anything considered militarily sensitive.
US government agencies, such as NASA and the Department of Homeland Security, are unlikely to issue a sigh of relief?
A software issue stemming from an earlier incident involving a third-party vendor has been identified, with critical notifications issued in 2023, according to Leidos representatives. “This isolated event had no discernible impact on our community or compromised sensitive customer data.”
As a result, Diligent claims that the breach affects an organisation it acquired in 2021.
According to Diligent, the data breach was linked to Steele Compliance Solutions and took place in 2022, with prompt notification sent to affected clients regarding the incident and recommended remedial measures.
On November 11, 2022, Diligent promptly informed Leidos about a significant safety issue: unauthorized access to sensitive information that should have been kept confidential and secure.
“We place paramount importance on safety and can confidently say that we’ve implemented rigorous measures to ensure any acquired company adheres to the same high standards that our customers expect from a Diligent product.”
It’s unacceptable that sensitive information might be compromised by a Pentagon IT supplier, with data potentially leaking online without authorization. Despite this, it’s still significantly more private than classified military documents being freely available online for public access.
