On June 9, 2023, Leidos filed a notice of data breach with the Attorney General of Montana after learning that confidential consumer data in the company’s possession was subject to unauthorized access. Evidently, the breach involved a vulnerability in software created by Diligent Corporation. Based on the company’s official filing, the incident resulted in an unauthorized party gaining access to consumers’ sensitive information, although the exact data types were not provided. After confirming that consumer data was leaked, Leidos began sending out data breach notification letters to all individuals who were impacted by the recent data security incident.
If you received a data breach notification from Leidos or Diligent Corp, it is essential you understand what is at risk and what you can do about it. As a third-party data breach, news of the incident may come as a surprise, as consumers may not be aware that either company had their information on file. However, this doesn’t change the reality that victims of the Leidos / Diligent data breach face a significantly increased risk of identity theft. To learn more about how to protect yourself from becoming a victim of fraud or identity theft and what your legal options are in the wake of the Leidos data breach, please see our recent piece on the topic here.
What We Know So Far About the Leidos Breach
News of the Leidos data breach is still fresh; however, what we know at this point comes from the company’s filing with the Attorney General of Montana. According to this source, on November 11, 2022, Leidos was notified by Diligent that, due to a vulnerability in Diligent’s software, an unauthorized party was able to access confidential information that had been provided to Leidos. The unauthorized access is believed to have started as early as September 30, 2022.
Additionally, on February 9, 2023, Diligent informed Leidos of a second vulnerability, resulting in an additional period of unauthorized access going back to October 1, 2022. Further investigation confirmed that some of the files that were accessible to the unauthorized party contained confidential consumer information.
Upon discovering that sensitive consumer data was made available to an unauthorized party, Leidos began to review the affected files to determine what information was compromised and which consumers were impacted.
Unfortunately, neither Diligent nor Leidos has publicly confirmed what data types were leaked as a result of the recent breach. However, on June 9, 2023, Leidos sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident. In these data breach letters, which are addressed to individual victims, Leidos explains what specific information was leaked as it relates to each victim.
More Information About Leidos
Founded in 1969, Leidos is a defense, aviation, information technology, and biomedical research company based out of Reston, Virginia. After merging with Lockheed Martin in 2016, Leidos became the largest IT services provider in the defense industry. Leidos is publicly traded on the New York Stock Exchange under the ticker symbol “LDOS.” Leidos employs more than 45,000 people and generates approximately $14 billion in annual revenue.
