U.S. Government's Most Sensitive Files Hacked, Leading to National Security Concerns

Leidos Holdings Inc., a major IT provider for the U.S. military-industrial complex, experienced a significant cybersecurity breach last week, raising serious concerns about the security of some of the most sensitive files and documents. Though not widely recognized by the general public, Leidos has close ties to key federal agencies such as the Pentagon, NASA, and the Department of Homeland Security (DHS), and it collaborates extensively with defense contractors. In 2022, Leidos secured $4 billion in services under contract, making it the largest federal IT contractor of that year.

Leidos primarily serves the Department of Defense (DOD) and numerous private corporations, with federal contracts comprising 87 percent of its revenue. The recent breach led to the theft of internal documents, although the source of the breach remains unidentified. Analyst Leo Hohmann suggests that this cyberattack exemplifies the nature of modern warfare, which is increasingly fought through digital means rather than traditional methods.

Experts have connected the stolen documents from this breach to two other incidents in 2022 involving Diligent Corp., a platform used by Leidos. Cyber Security News emphasized the significance of this hack, pointing out the vulnerabilities in the cybersecurity protocols of companies handling critical government data.

Bloomberg News examined some of the compromised files, which included various formats such as .zip, .msg, .doc, .jpg, .png, .xls/x, and .pdf, all pertaining to the technical assistance provided by Leidos. However, the specific content and nature of these documents remain undisclosed.

Leidos has not yet issued a public statement regarding the breach, and the company has declined to comment on the stolen information. The hackers responsible have suggested plans to sell the data in multiple formats, heightening concerns about potential national security risks.

This incident has sparked a wider discussion about the security protocols of government contractors. The consequences of such breaches include financial losses, reputational damage, operational disruptions, and legal complications. Established in 2013 and later acquired by Lockheed Martin Corp.'s IT business, Leidos now faces intense scrutiny over its capability to safeguard sensitive information.

Critics have expressed doubts about the government's ability to protect national security, given its struggles to secure its own infrastructure. Additionally, some have drawn connections between Leidos and CrowdStrike, pointing to concerns about servers in Ukraine and broader geopolitical implications.

The rising frequency of cyberattacks on critical establishments raises questions about the potential for more severe threats, such as an EMP attack that could disrupt the entire grid.