In a concerning cybersecurity incident, hackers have leaked internal documents from Leidos Holdings Inc., a major IT services provider for the U.S. government.

Leidos Holdings, based in Virginia, is a critical contractor for various US government agencies, including the Pentagon, NASA, and the Department of Homeland Security. According to Bloomberg, the leak stems from a 2022 security incident at Diligent Corporation’s subsidiary, Steele Compliance Solutions, which it acquired in 2021.

The nature of the leaked documents and Leidos’ extensive government contracts raise concerns about potential security implications. However, Leidos has assured that the breach didn’t affect its network or compromise sensitive customer data. The full extent of the breach and the sensitivity of the leaked information remain unclear.

Leidos Holdings Inc. has acknowledged the data breach and is investigating the incident.

“We have confirmed that this stems from a previous incident affecting a third-party vendor for which all necessary notifications were made in 2023,” Leidos said in a statement. “This incident did not affect our network or any sensitive customer data.”

Diligent Corporation also addressed the incident.

“In November 2022, upon identification of the incident, we promptly notified impacted customers and took immediate corrective action to contain the incident,” a Diligent spokesperson told The Register. “This incident did not impact Diligent Boards or any of our other products.”

The company further emphasized its commitment to security:

“We take security very seriously and believe we have taken the necessary steps to ensure any acquired company meets the same standard that our clients expect in a Diligent product,” Diligent said.