CGI Federal points finger at Atlassian bug for US government data breach

Atlassian software exploit from October 2023 is apparently responsible for the breach

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

A bug in the Atlassiancollaboration platformis to blame for this week’s US government data breach, affected IT contractor CGI Federal has said.

Theincidentsaw the Government Accountability Office (GAO) reveal over 6,000 current and former employees had been affected as a result of the breach.

It has not been confirmed if the breach affected any other government agencies, so the full extent of the damage is yet to be determined.

Blame it on the buggy

As reported earlier this week, CGI Federal disclosed that it had suffered a data breach at some point during January 2023.

The CGI Federal website states its federal clients, “include nearly every cabinet-level federal agency, military branch, and other federal entities.” A CGI representative recently stated that the company provides its services to “100 participating agencies” while testifying in front of Congress.

In a statement released by CGI Federal, the company said that it was “with authorities and clients to identify and disclose any data affected by the Confluence exploitation.” According to the Cybersecurity & Infrastructure Security Agency (CISA), the Atlassian Confluence exploit wasdiscoveredin October under the vulnerability ID CVE-2023-22515.

In the statement by CISA on the Network Initial Access exploit, the organization stated that they “strongly encourage network administrators to immediately apply the upgrades provided by Atlassian. CISA, FBI, and MS-ISAC also encourage organizations to hunt for malicious activity on their networks using the detection signatures and indicators of compromise (IOCs) in this CSA.”

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

More from TechRadar Pro

Benedict has been writing about security issues for over 7 years, first focusing on geopolitics and international relations while at the University of Buckingham. During this time he studied BA Politics with Journalism, for which he received a second-class honours (upper division),  then continuing his studies at a postgraduate level, achieving a distinction in MA Security, Intelligence and Diplomacy. Upon joining TechRadar Pro as a Staff Writer, Benedict transitioned his focus towards cybersecurity, exploring state-sponsored threat actors, malware, social engineering, and national security. Benedict is also an expert on B2B security products, including firewalls, antivirus, endpoint security, and password management.

New fanless cooling technology enhances energy efficiency for AI workloads by achieving a 90% reduction in cooling power consumption

Samsung plans record-breaking 400-layer NAND chip that could be key to breaking 200TB barrier for ultra large capacity AI hyperscaler SSDs

NYT Strands today — hints, answers and spangram for Sunday, November 10 (game #252)