CGI Federal says US GAO data breach tied to Atlassian flaw

A US government data breach, disclosed earlier this year, was tied to a bug in enterprise software maker Atlassian's Confluence suite of collaboration tools, an IT contractor said on Tuesday.

CGI Federal, an IT contractor and unit of CGI Inc, said in a statement that it was working "with authorities and clients to identify and disclose any data affected by the Confluence exploitation," which was made public in October.

On Monday, the Government Accountability Office told Reuters that 6,000 current and former GAO employees had been victims of a data breach by an unnamed "threat actor" in connection with the hack.

The size and scope of the breach have not been publicly disclosed, including whether any other government agencies have been affected.

Atlassian, an Australian software giant providing products for developers and managers, said in a statement that it had warned customers that hackers were exploiting the bug on October 4th, and that it had been assisting clients with their response.

Other major companies that have since reported breaches related to the Atlassian Confluence data server exploit include global IT services provider Cloudflare and Atlassian subsidiary Trello, a project management tool provider.

The US cyber watchdog agency, the Cybersecurity and Infrastructure Security Agency (CISA), referred questions back to CGI.

In June 2022, CISA warned of a separate Atlassian zero-day vulnerability, forcing US federal institutions to block all internet traffic to Confluence servers to avoid being exploited.
