A recent data breach within the U.S. government, which came to light earlier this year, has been traced back to a bug in the Confluence suite of collaboration tools developed by enterprise software maker Atlassian (TEAM.O), an IT contractor disclosed on Tuesday.
CGI Federal, a subsidiary of CGI Inc (GIBa.TO), stated in a release that it is collaborating with authorities and clients to identify and disclose any data affected by the Confluence exploitation, which was publicly disclosed in October.
The full extent of the breach, both in terms of size and scope, remains undetermined. The Government Accountability Office (GAO) informed Reuters on Monday that approximately 6,000 current and former GAO employees were impacted by the breach, orchestrated by an undisclosed “threat actor” in connection with the hack. However, whether other government agencies have been similarly affected has not been publicly disclosed.
Atlassian acknowledged in a statement that it had alerted customers about the exploitation of the bug on October 4th and had been actively assisting clients in their response efforts. Meanwhile, the U.S. cyber watchdog agency, the Cybersecurity and Infrastructure Security Agency, deferred queries back to CGI.
This revelation underscores the persistent challenges faced by governments and organizations in safeguarding sensitive data amidst evolving cyber threats. As investigations continue, stakeholders are urged to remain vigilant and proactive in fortifying their cybersecurity measures against potential breaches and exploits.