News: 1721827868

  ARM Give a man a fire and he's warm for a day, but set fire to him and he's warm for the rest of his life (Terry Pratchett, Jingo)

Data pilfered from Pentagon IT supplier Leidos

(2024/07/24)


Updated Internal documents stolen from Leidos Holdings, an IT services provider contracted with the Department of Defense and other US government agencies, have been leaked.

The Leidos files that have made their way into the wild are claimed not to hold any "sensitive customer data," but the incident highlights the need for greater security awareness.

The documents are believed to have been stolen in a previously disclosed attack and data theft at [1]Diligent Corporation , a provider of governance software. Leidos, which is a Diligent customer, is said to have only recently learned that the documents were currently being circulated, although the original attack happened in 2022, according to a [2]Bloomberg report citing an anonymous source.

[3]

A spokesperson for Leidos told The Register that the leaked documents resulted from a previous incident "affecting a third-party vendor" and that all necessary data breach notifications were already been made in 2023. The incident did not involve any sensitive customer data, the spokesperson insisted.

[4]

[5]

[6]Leidos merged with Lockheed Martin's Information Systems & Global Solutions (IS&GS) business in 2016 to form one of the defense industry's largest IT services providers. As well as the Department of Defense, it provides services for the Department of Homeland Security, NASA, and other US government agencies, making any leak of internal information potentially serious.

According to Bloomberg, Leidos was using the Diligent service to hold "information gathered in internal investigations," but it is not clear exactly what kind of information this might be. The news agency claims it was able to view documents that cyber criminals claimed originated from Leidos on a "cybercrime forum," although any information from miscreants of the sort should be taken with a bucketload of salt.

[7]Nvidia said to be prepping Blackwell GPUs for Chinese market

[8]DARPA slaps down credit card for 3D military chiplets – $840M ought to be enough?

[9]GlobalWafers scores $400M to help build US's first 300mm wafer plants in Texas and Missouri

[10]Engineers risk blasting US missile defense to smithereens, say auditors

We asked the US Department of Defense for comment on the matter.

Leidos is also likely to face greater scrutiny from its customers as it weighs up any potential damage and looks to prevent any such future incidents.

[11]

The company, which is headquartered in Reston, Virginia, has a workforce of about 47,000 employees and primarily serves customers in heavily regulated industries. Leidos reported revenue of $15.4 billion for its fiscal year ended December 29, 2023.

Leidos announced earlier this month that it has won a contract to continue providing cargo mission engineering and integration services for NASA's International Space Station (ISS) Program and Artemis campaign, said to be worth $476 million. ®

Updated to add at 1533 UTC on July 24

A Diligent spokesperson told The Register : "This matter appears to concern an incident that took place in 2022 affecting Steele Compliance Solutions, an entity Diligent acquired in 2021. In November 2022, upon identification of the incident, we promptly notified impacted customers and took immediate corrective action to contain the incident. This incident did not impact Diligent Boards or any of our other products.

"We take security very seriously and believe we have taken the necessary steps to ensure any acquired company meets the same standard that our clients expect in a Diligent product."

Get our [12]Tech Resources



[1] https://www.diligent.com/

[2] https://www.bloomberg.com/news/articles/2024-07-23/hackers-leak-documents-from-pentagon-it-services-provider-leidos

[3] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2ZqElHAAb60NhoTjbYU3dKAAAAME&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0

[4] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44ZqElHAAb60NhoTjbYU3dKAAAAME&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0

[5] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33ZqElHAAb60NhoTjbYU3dKAAAAME&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0

[6] https://www.leidos.com/

[7] https://www.theregister.com/2024/07/22/nvidia_said_to_be_prepping/

[8] https://www.theregister.com/2024/07/18/darpa_awards_840m_to_utaustin/

[9] https://www.theregister.com/2024/07/17/globalwafers_scores_400m_for_building/

[10] https://www.theregister.com/2024/06/27/missile_defense_agency_audit/

[11] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44ZqElHAAb60NhoTjbYU3dKAAAAME&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0

[12] https://whitepapers.theregister.com/



Hitting close to home

Anonymous Coward

My employer has very close ties with Leidos doing very similar work. I hope we aren't going to be caught up in this.

(Sadly, any more information than that would be too much to avow publicly, even while anon (for obvious reasons).)

What is governance software ?

t245t

ClippyAI: “Diligent governance software is a comprehensive suite of tools designed to streamline and enhance corporate governance processes for boards of directors, executives, and governance professionals.”

“Provides secure platforms for board members to access documents, collaborate on board materials, and manage meetings. Features include real-time updates, digital signatures, and offline access.”

Murray's Rule:
Any country with "democratic" in the title isn't.