The US Government Accountability Office (GAO) said the sensitive information of 6,000 current and former GAO employees was compromised in the January breach of third-party government contractor CGI Federal.
The GAO said Monday that CGI Federal, an IT contractor and unit of CGI Inc notified the agency of a data breach last month.
The GAO, a research arm of Congress, said in a statement the data involved personally identifiable information on employees including some people who worked there from 2007 to 2017.
A breach notification letter seen by Reuters said that the data contained "names, social security numbers, addresses, and some banking information."
The letter said the breach had been carried out by a "threat actor exploiting a vulnerability in an externally provided platform" but didn't delve into specifics.
GAO spokesperson Chuck Young said his agency was notified about the breach on January 17th but referred questions about its impact to CGI. CGI Federal did not immediately return messages seeking comment.
CGI, which has pivoted toward cybersecurity in recent years, has a host of contracts with the federal government.
In recent congressional testimony, a CGI official said that the company has provided IT protection for "100 participating agencies" through the US cybersecurity agency tasked with protecting federal networks.
In the same testimony, CGI said it provided cybersecurity services the State, Justice, Commerce, and Labor departments as well as the Federal Communications Commission and the United States Agency for International Development.
The cybersecurity agency did not immediately respond to a request for comment about CGI. The FBI did not immediately return emails.
Your email address will not be published. Required fields are markedmarked