US government data breach linked to Atlassian bug – Security


A US government data breach disclosed earlier this year was tied to a bug in enterprise software maker Atlassian’s Confluence suite of collaboration tools, an IT contractor said.



CGI Federal, an IT contractor and unit of CGI, said in a statement that it was working “with authorities and clients to identify and disclose any data affected by the Confluence exploitation,” which was made public back in October.

Reuters has been unable to determine the size and scope of the breach.

On Monday, the US Government Accountability Office told Reuters that 6000 current and former GAO employees had been victims of a data breach by an unnamed “threat actor” in connection with the hack.

Whether any other government agencies have been affected has not been publicly disclosed.

Atlassian did not immediately respond to a request for comment.

The US cyber watchdog agency, the Cybersecurity and Infrastructure Security Agency, did not immediately return an email.



Source link