Priya PatelTLDR:
- Federal contractor Acuity confirmed a security breach in its GitHub repository.
- Attackers reportedly leaked non-sensitive and out-of-date documents.
Federal contractor Acuity, known for working with US government organizations, recently disclosed a security breach in its GitHub repository. The breach resulted in the theft of documents containing non-sensitive and out-of-date information. Acuity, a tech consulting company providing services to Federal Civilian Executive Branch Agencies, took swift action to address the cybersecurity vulnerability. The US Department of State has initiated an investigation in response to claims of a cyber incident, with one threat actor, IntelBroker, allegedly leaking stolen US government and military data. The hacker claimed to have obtained sensitive data from various US federal entities, prompting concerns about the disclosure of potentially sensitive material.
Rui Garcia, CEO of Acuity, assured that no compromised sensitive client data was found after internal examination. The company is working on securing its operations further and cooperating with law enforcement. IntelBroker, associated with previous data breaches, claimed to target Acuity in early March, aiming to sell information related to USCIS and ICE. Other hacks attributed to IntelBroker include breaches targeting healthcare plans for US House members and staff, General Electric Aviation, and Hewlett-Packard Enterprise. The incident comes after SurveyLama, a platform monetizing survey completion, was alerted by the data breach notification service Have I Been Pwned about a hacking event affecting 4.4 million users’ data.
Update 8th April 2024 – Statement from Acuity CEO, Rui Garcia: “Acuity recently identified a cybersecurity incident related to GitHub repositories that housed dated and non-sensitive information. Immediately upon becoming aware of this zero-day vulnerability, Acuity applied the vendor’s security updates and performed mitigating actions in accordance with the vendor’s guidance. After conducting our own analysis and following a third-party cybersecurity expert investigation, Acuity has seen no evidence of impact on any of our clients’ sensitive data. In addition to cooperating with law enforcement, Acuity takes the security of its customers’ data seriously and is implementing appropriate measures to secure its operations further.”
