Leidos Holdings, the IT services provider for the U.S. Department of Defense, the Department of Homeland Security, and NASA, has confirmed having internal data stolen from a third-party breach exposed by threat actors but emphasized that neither its network nor customer information was affected, according to BNN Bloomberg.
"We have confirmed that this stems from a previous incident affecting a third-party vendor for which all necessary notifications were made in 2023," noted a Leidos spokesperson. Such exposed information may have been exfiltrated from a compromised Diligent Corp. system leveraged by Leidos for internal investigation data hosting, noted a source close to the matter. Meanwhile, Diligent disclosed the incident, which has affected fewer than 15 clients, to be related to the breach of its subsidiary Steele Compliance Solutions two years ago. "We promptly notified impacted customers, including Leidos which Diligent initially notified in November 2022, and took immediate corrective action to contain the incident," said the Diligent spokesperson.
