|
The GAO, a research arm of Congress, said in a statement the
data involved personally identifiable information on employees
including some people who worked there from 2007 to 2017.
A breach notification letter seen by Reuters said that the data
contained "names, social security numbers, addresses, and some
banking information." The letter said the breach had been
carried out by a "threat actor exploiting a vulnerability in an
externally provided platform" but didn't delve into specifics.
GAO spokesperson Chuck Young said his agency was notified about
the breach on Jan. 17 but referred questions about its impact to
CGI. CGI Federal did not immediately return messages seeking
comment.
CGI, which has pivoted toward cybersecurity in recent years, has
a host of contracts with the federal government. In recent
congressional testimony, a CGI official said that the company
has provided IT protection for "100 participating agencies"
through the U.S. cybersecurity agency tasked with protecting
federal networks.
In the same testimony, GCI said it provided cybersecurity
services the State, Justice, Commerce, and Labor departments as
well as the Federal Communications Commission and the United
States Agency for International Development.
The cybersecurity agency did not immediately respond to a
request for comment about CGI. The FBI did not immediately
return emails.
(Reporting by Raphael Satter. Additional reporting by
Christopher Bing and Douglas Gillison in Washington; Editing by
Cynthia Osterman and Lisa Shumaker)
[© 2024 Thomson Reuters. All rights
reserved.]
Copyright 2022 Reuters. All rights reserved. This material may
not be published, broadcast, rewritten or redistributed.
Thompson Reuters is solely responsible for this content.
|
|
