U.S. Government Accountability Office reports third party data breach

The U.S. Government Accountability Office (GAO), the research arm of Congress, reported a data breach impacting approximately 6,000 of its current and former employees.

The security incident was disclosed to the GAO by CGI Federal, an IT contractor and a subsidiary of CGI Inc. This breach was reported to the GAO on January 17, following the discovery that a "threat actor" had exploited a vulnerability in an externally provided platform utilized by CGI Federal.

The breach caused unauthorized access to personally identifiable information (PII) of individuals employed by the GAO between 2007 and 2017. The compromised data includes:

• names,
• social security numbers,
• addresses,
• some banking details of affected employees.

Update - The breach t Government Accountability Office (GAO) it suspected to be caused by Atlassian's Confluence vulnerability.

Despite the notification, specifics regarding the vulnerability or the manner in which the breach was executed have not been detailed publicly. CGI Federal had not provided a comment on the breach.