Hackers Leak Documents From Pentagon IT Services Provider Leidos

Hackers have leaked internal documents stolen from Leidos Holdings Inc., one of the largest IT services providers to the US government, according to a person familiar with the matter.

Leidos recently learned of the issue and believes the documents were stolen in a previously disclosed breach of a Diligent Corp. system it used, said the person, who asked not to be identified because the information isn’t public. Leidos is investigating the issue, the person added.

Leidos’ customers include the Defense Department, the Department of Homeland Security and NASA, among other US and foreign agencies and commercial businesses. Leidos used the Diligent system to host information gathered in internal investigations, according to a June 2023 filing in Massachusetts.

Leidos declined to comment on the stolen information. The Pentagon, the Department of Homeland Security and NASA didn’t immediately respond to requests for comment. Bloomberg News reviewed some files that were purportedly from Leidos on a cybercrime forum, but details were redacted and Bloomberg couldn’t verify their authenticity.

A Diligent spokesperson said the leak appeared to be from a 2022 hack affecting its subsidiary business Steele Compliance Solutions, which it acquired in 2021. Fewer than 15 customers, including Leidos, used the product at the time, they added.

“We promptly notified impacted customers, including Leidos which Diligent initially notified in November 2022, and took immediate corrective action to contain the incident,” the spokesperson said.

The documents were believed to have been stolen as part of two breaches of Diligent in 2022, according to filings.

Leidos was formed in 2013 and later acquired Lockheed Martin Corp.’s information technology business. It was the largest federal IT contractor in the 2022 fiscal year, with $3.98 billion in contract obligations, according to Bloomberg Government data.

Photo: Photo by Alex Wong/Getty Images