Hackers Leak Documents From Pentagon IT Provider Leidos (1)

Hackers have leaked internal documents stolen from Leidos Holdings Inc., one of the largest IT services providers to the US government, according to a person familiar with the matter.

Leidos recently learned of the issue and believes the documents were stolen in a previously disclosed breach of a Diligent Corp. system it used, said the person, who asked not to be identified because the information isn’t public. Leidos is investigating the issue, the person added.

Shares in the IT services firm fell more than 4% in after-hours trading before largely erasing losses. The stock has gained over 40% this year. Its customers include theDefense Department, the Department of Homeland Security and NASA, among other US and foreign agencies and commercial businesses. The IT services firm used the Diligent system to host information gathered in internal investigations, according to a June 2023 filing in Massachusetts.

“We have confirmed that this stems from a previous incident affecting a third-party vendor for which all necessary notifications were made in 2023,” a Leidos spokesperson said. “This incident did not affect our network or any sensitive customer data.”

The Pentagon, the Department of Homeland Security and NASA didn’t immediately respond to requests for comment. Bloomberg News reviewed some files that were purportedly from Leidos on a cybercrime forum, but details were redacted and Bloomberg couldn’t verify their authenticity.

A Diligent spokesperson said the leak appeared to be from a 2022 hack affecting its subsidiary business Steele Compliance Solutions, which it acquired in 2021. Fewer than 15 customers, including Leidos, used the product at the time, they added.

“We promptly notified impacted customers, including Leidos which Diligent initially notified in November 2022, and took immediate corrective action to contain the incident,” the spokesperson said.

The documents were believed to have been stolen as part of two breaches of Diligent in 2022, according to filings.

Leidos was formed in 2013 and later acquired Lockheed Martin Corp.’s information technology business. It was the largest federal IT contractor in the 2022 fiscal year, with $3.98 billion in contract obligations, according to Bloomberg Government data.

(Updates with Leidos’s comment and share action from the third paragraph)

To contact the reporter on this story:
Charles Gorrivan in New York at cgorrivan@bloomberg.net

To contact the editors responsible for this story:
Andrew Martin at amartin146@bloomberg.net

Jake Rudnitsky, Liau Y-Sing

© 2024 Bloomberg L.P. All rights reserved. Used with permission.