Pentagon & NASA IT Service Provider Hacked – Confidential Data Leaked Online – Exclusive!

Cyber Press researchers found massive leaked documents from ‘Leidos Holdings,” one of the largest IT service providers for government agencies such as the Pentagon, Homeland Security, and NASA.

Leidos is an American information technology company serving industries such as National security, defense, healthcare, engineering, and technical services.

Leidos has many contracts with the Department of Defense, the Department of Homeland Security, and the Intelligence Community, as well as other government agencies in the United States and certain commercial markets. Contracts with the United States government account for 87% of the company’s revenue.

An undisclosed hacker group attacked Leidos Holdings, ultimately resulting in the disclosure of the company’s confidential information for public consumption.

Cyber Press uncovered this leak from one of the infamous data leak forums, under the name “Abu_Al_Sahrif,” suspected of joining the forum in 2024 to leak the Leidos data stolen from a recent breach.

“Today, I am leaking a collection of internal documents belonging the Leidos – is an American information technology company. Contracts with the U.S. government account for 87% of its revenue.”

The Cyber Press team reviewed the leaked files. The data consists of one gigabyte of files in the following formats: zip, msg, doc, jpg, png, xls/x, and pdf. These files are associated with Leidos technical assistance and its customers.

Part one of the data set has 451 files representing credits, and part two contains 6,500 files representing bitcoins or dollars.

We also found the same data on Monday on another data leak forum under the user name “Frog,” which frequently leaks data stolen from respective victims of data breaches.

Hackers sold the leaked data for $30,000 and claimed that the price was negotiable depending on the number of users interested.

According to the source, who requested anonymity due to the sensitive nature of the information, Leidos has only now become aware of the problem and suspects that the stolen records were part of a breach involving a Diligent Corp. system that it had previously revealed.

However, the company stated, “This incident did not affect our network or any sensitive customer data.”

Concerns regarding the potential misuse of sensitive information have been further exacerbated by the threat actor responsible for the breach’s indication that they intend to sell the data in two separate formats. As a result of this occurrence, a broader conversation about the security rules and controls that government contractors must adhere to has been sparked.

Download Free Cybersecurity Planning Checklist 2024 (PDF) – Download Here

Remediation and Future Prevention:

• Security Enhancements: To prevent future breaches, implement stronger security measures, such as advanced encryption, multi-factor authentication, and continuous monitoring systems.
• Review and Update Policies: Reassess and update data protection and cybersecurity policies to align with the latest industry standards and regulatory requirements.
• Employee Training: Provide comprehensive training to employees on recognizing phishing attempts, handling sensitive data securely, and following updated security protocols.
• Monitor for Further Threats: Set up continuous monitoring of systems to detect any further unauthorized access or suspicious activity.
• Follow-up Communication: Keep stakeholders and affected individuals informed about the progress of the investigation and any additional measures taken to secure data.
• Inform Business Partners and Clients: Transparently communicate with business partners and clients who may be affected, detailing the incident and the steps being taken to secure their information and maintain trust.

Follow us on LinkedIn for Exclusive Security Research and Updates.