Internal documents stolen from Pentagon IT supplier Leidos leaked online

Internal documents from Leidos Holdings, a major IT services provider contracted with the Department of Defense and other US government agencies, have been leaked online.

The documents are believed to have been stolen during a previously disclosed attack on Diligent Corporation, a governance software provider. Leidos, a Diligent customer, recently became aware that the documents were being circulated, though the original attack occurred in 2022, according to Bloomberg, which cited an anonymous source.

A Leidos spokesperson said that the leak stemmed from an earlier incident involving a third-party vendor and that all required data breach notifications had already been made in 2023. The spokesperson reiterated that no sensitive customer data was compromised.

Leidos, formed from a merger with Lockheed Martin’s Information Systems & Global Solutions business in 2016, is a significant IT services provider in the defense sector. It serves the Department of Defense, Department of Homeland Security, NASA, and other government agencies, making any internal information leak potentially serious.

Bloomberg reported that Leidos used Diligent’s services to store information from internal investigations, but the specifics of the stolen data remain unclear. Cybercriminals reportedly claimed on a cybercrime forum that the documents originated from Leidos, but such information should be approached with caution.

Leidos is headquartered in Reston, Virginia, and employs approximately 47,000 people. The company reported a revenue of $15.4 billion for the fiscal year ending December 29, 2023. This month, Leidos announced a $476 million contract to continue providing cargo mission engineering and integration services for NASA’s International Space Station (ISS) Program and Artemis campaign.