Internal documents stolen from Leidos Holdings, an IT services provider contracted with the Department of Defense and other US government agencies, have been leaked.

The Leidos files that have made their way into the wild are claimed not to hold any "sensitive customer data," but the incident highlights the need for greater security awareness.

The documents are believed to have been stolen in a previously disclosed attack and data theft at Diligent Corporation, a provider of governance software. Leidos, which is a Diligent customer, is said to have only recently learned that the documents were currently being circulated, although the original attack happened in 2022, according to a Bloomberg report citing an anonymous source.

A spokesperson for Leidos told The Register that the leaked documents resulted from a previous incident "affecting a third-party vendor" and that all necessary data breach notifications were already been made in 2023. The incident did not involve any sensitive customer data, the spokesperson insisted.

Leidos merged with Lockheed Martin's Information Systems & Global Solutions (IS&GS) business in 2016 to form one of the defense industry's largest IT services providers. As well as the Department of Defense, it provides services for the Department of Homeland Security, NASA, and other US government agencies, making any leak of internal information potentially serious.

According to Bloomberg, Leidos was using the Diligent service to hold "information gathered in internal investigations," but it is not clear exactly what kind of information this might be. The news agency claims it was able to view documents that cyber criminals claimed originated from Leidos on a "cybercrime forum," although any information from miscreants of the sort should be taken with a bucketload of salt.

We asked Diligent for more information, and will update if we get answers.

We asked the US Department of Defense for comment on the matter.

Leidos is also likely to face greater scrutiny from its customers as it weighs up any potential damage and looks to prevent any such future incidents.

The company, which is headquartered in Reston, Virginia, has a workforce of about 47,000 employees and primarily serves customers in heavily regulated industries. Leidos reported revenue of $15.4 billion for its fiscal year ended December 29, 2023.

Leidos announced earlier this month that it has won a contract to continue providing cargo mission engineering and integration services for NASA's International Space Station (ISS) Program and Artemis campaign, said to be worth $476 million. ®

https://www.theregister.com//2024/07/24/leidos_data_leak/