- Hackers have leaked internal documents from Leidos, a major US government IT services provider, after a breach at the third-party vendor Diligent that affected fewer than 15 customers.
- The data breach raises concerns about the cybersecurity practices of third-party vendors and underscores the need for robust security measures and vigilant monitoring.
OUR TAKE
Reliance on external partners for data security is a relatively weak link that needs urgent attention. The main function of regulations is to protect data within the legal entities. Once hackers or other people with unknown purposes attack cybersecurity, regulation cannot pose a threat to it, and then only technological progress can deal with it.
–Ashley Wang, BTW reporter
What happened
Internal documents from Leidos, a major IT services provider to the US government, have been leaked by hackers. The documents were reportedly stolen in a breach involving Diligent, a third-party vendor that Leidos used for hosting information gathered in internal investigations.
The leak, linked to a 2022 cyberattack on Diligent’s subsidiary, Steele Compliance Solutions, has affected fewer than 15 customers, including Leidos. Diligent notified affected parties about the breach and took immediate action to contain the incident.
Leidos recently discovered the extent of the leak and is currently investigating the matter. The company has given assurances that the breach did not impact its internal network or compromise sensitive customer data. Despite initial concerns, the company’s shares saw a minor dip of over 4% in after-hours trading but recovered most of the losses.
Why it’s important
The significance of this breach lies in the high-profile nature of Leidos’ clientele, which includes critical US agencies such as the Department of Defense, the Department of Homeland Security, and NASA. As one of the top federal IT contractors, Leidos handles substantial and sensitive data, making any security breach potentially significant. While Leidos has stated that no sensitive customer data was compromised, the incident raises concerns about the cybersecurity practices of third-party vendors handling crucial data.
Data breaches are not rare incidents in today’s digital world. The broader issue of cybersecurity in the IT services industry, especially for firms dealing with government contracts, demands immediate attention from policymakers and industry leaders alike. It underscores the necessity for robust security measures and vigilant monitoring of third-party service providers. The incident also points to the importance of transparency and prompt notification to stakeholders about potential data breaches.