IT contractor CGI Federal says US government data breach was tied to Atlassian bug

Send a link to a friend  Share

[February 14, 2024]  By Raphael Satter
 
WASHINGTON (Reuters) -A U.S. government data breach disclosed earlier this year was tied to a bug in enterprise software maker Atlassian's Confluence suite of collaboration tools, an IT contractor said on Tuesday. 

A hand is seen on a laptop with binary codes displayed in front of the USA flag in this illustration taken, August 19, 2022. REUTERS/Dado Ruvic/Illustration/File Photo

CGI Federal, an IT contractor and unit of CGI Inc, said in a statement that it was working "with authorities and clients to identify and disclose any data affected by the Confluence exploitation," which was made public in October.

Reuters has been unable to determine the size and scope of the breach. On Monday, the Government Accountability Office told Reuters that 6,000 current and former GAO employees had been victims of a data breach by an unnamed "threat actor" in connection with the hack. Whether any other government agencies have been affected has not been publicly disclosed.

Atlassian said in a statement that it had warned customers that hackers were exploiting the bug on Oct. 4 and that it had been assisting clients with their response. The U.S. cyber watchdog agency, the Cybersecurity and Infrastructure Security Agency, referred questions back to CGI.

(Reporting by Raphael Satter in WashingtonEditing by Matthew Lewis, Chizu Nomiyama and Lisa Shumaker)

[© 2024 Thomson Reuters. All rights reserved.]

Copyright 2022 Reuters. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.  Thompson Reuters is solely responsible for this content.

 

 

Back to top