Critical Infrastructure Security, Breach

GAO breach attributed to Atlassian vulnerability

CyberScoop reports that federal IT contractor CGI Federal revealed that the breach of its systems that resulted in the compromise of data from nearly 6,600 current and former employees at the Government and Accountability Office stemmed from the exploitation of a vulnerability affecting some Atlassian Confluence Data Center and Server versions. Organizations had been warned by the Cybersecurity and Infrastructure Security Agency, the Multi-State Information Sharing and Analysis Center, and the FBI in October regarding the active exploitation of the Atlassian Confluence flaw. Such an alert has prompted CGI Federal to expedite remediation efforts for the security issue, according to CGI Federal spokesperson Mercedes Marx. "As part of its daily operating practices, CGI continuously and immediately addresses all known and emerging vulnerabilities through regular testing and validation of platforms and systems deployed on behalf of all clients," said Marx, who did not provide details as to why notifications regarding the three-month gap between the federal advisory and its notification to the GAO.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.