Key US government body says it might have been breached, with thousands of employees affected

Thousands of US government employees may have had their private data stolen in a breach at a third-party contractor.

Sometime during January 2024, CGI Federal, an IT services provider mostly focused on cybersecurity, suffered a data breach in which threat actors stole sensitive data belonging to about 6,600 employees of the U.S. Government Accountability Office (GAO), Reuters reports.

The GAO is a non-partisan government agency that provides auditing, evaluative, and investigative services for the US Congress. It is described as “the supreme audit institution of the federal government of the United States”.

Confirmed attack

Following the incident, CGI Federal sent a breach notification letter to affected individuals, Reuters further reported. In the letter, the company said the attackers stole “names, social security numbers, addresses, and some banking information.” To steal this information, the attackers exploited a vulnerability in an externally provided platform, the letter also said, without explaining further. 

The data breach was later confirmed to Nextgov by GAO spokesperson Charles Young: “On January 17 of this year, CGI Federal, a contractor involved in GAO’s financial management systems, notified GAO of a data breach impacting approximately 6,600 people, primarily current and former GAO employees from 2007 to 2017, as well as some companies doing business with GAO,” Young said. 

“GAO immediately took steps to begin identifying and notifying the impacted individuals regarding the release of PII (personally identifiable information),” the statement added. 

A CGI representative recently testified before the US Congress, saying the company provides IT protection for “100 participating agencies”, Reuters said. The representative further elaborated that the State, Justice, Commerce, and Labor departments all used the company’s services, as did the Federal Communications Commission (FCC) and the US Agency for International Development (USAID).
