

Severity
High
Analysis Summary
Leidos Holdings, a prominent IT services provider for U.S. government agencies including the Department of Defense, the Department of Homeland Security, and NASA, has confirmed that internal data was stolen due to a breach at a third-party vendor.
Leidos emphasized that their network and customer information were not compromised in this incident. The breach traces back to a previous incident involving Diligent Corp, a vendor used by Leidos for hosting internal investigation data.
According to a report, the source of the breach appears to be a compromised system at Diligent Corp, which was previously affected by a breach involving its subsidiary Steele Compliance Solutions two years ago. Diligent disclosed that fewer than 15 clients were affected by this incident. A Leidos spokesperson mentioned that necessary notifications about the breach had already been made in 2023.
Diligent promptly notified its impacted customers, including Leidos, in November 2022 and took immediate corrective actions to contain the breach. The affected data was exfiltrated from Diligent’s system, not from Leidos' network, ensuring that their customer information remained secure.
This incident highlights the ongoing risks associated with third-party vendors and the importance of robust security measures and timely communication. Both Leidos and Diligent have taken steps to address the breach and mitigate any potential impacts, demonstrating the need for constant vigilance in cybersecurity practices.
Impact
- Data Exfiltration
- Sensitive Data Theft
Remediation
- Maintain cyber hygiene by updating your anti-virus software and implementing a patch management lifecycle.
- Emails from unknown senders should always be treated with caution.
- Never trust or open links and attachments received from unknown sources/senders.
- Keep your software up to date. Software updates often include security patches that can help to protect your systems from known vulnerabilities.
- Use strong passwords and multi-factor authentication. This will make it more difficult for attackers to gain access to your systems.
- Back up your data regularly. This will help you to recover if your systems are encrypted by ransomware.
- Deploy robust endpoint security solutions, including antivirus, anti-malware, and intrusion detection systems, to detect and prevent threats like LockBit ransomware.
- Immediately disconnect or isolate the compromised systems from the network to prevent the malware from spreading further. This may involve shutting down affected servers or segments of the network.
- Conduct a thorough investigation to determine the extent of the breach, including identifying which systems and data were compromised.
- Develop a long-term cybersecurity strategy to prevent future incidents, including investing in advanced threat detection and response capabilities.