Federal contractor suffers data breach

Sirius Federal, a subsidiary of tech services giant CDW-G, has been hacked. THe attackers behind the breach accessed thousands of people’s sensitive details, including medical records.

The company provides the US federal government with digital government solutions: the General Services Administration and the Department of Defense’s Enterprise Software Initiative are listed as being among its contracts.

According to a breach notification letter sent by Sirius Federal to victims, attackers breached its “internal environment” on July 31st, 2023, and were detected on August 2nd.

The company told the Maine Attorney General, which imposes strict reporting requirements on organizations suffering data breaches that affect its residents, that 3,266 people were exposed in the attack. Not all of these reside in Maine.

Sirius Federal claims malicious actors accessed data held on its internal servers. According to the breach notification, the exposed data may have included:

In the hands of a malicious actor, the information could provide various attack vectors: for instance, criminals could use the data for identity theft or spear phishing and other types of fraud.

The company says it will provide victims with two years of free credit monitoring and identity protection services.

Sirius Federal became a subsidiary of CDW-G in 2021 after the tech services giant acquired it. CDW-G itself is a subsidiary of CDW, dedicated solely to government contracts.

Meanwhile, CDW provides technology products and services to business, government, and educational institutions. It employs over 15,000 people and reported revenues exceeding $23.7 billion in 2022.