Helpful Articles

Diligent Corporation Software Vulnerability Causes Leidos Data Breach

After key details came out in the internal Leidos data breach investigation, the company notified the Attorney General of Montana about the data breach. This took place on June 9, 2023, but the breaches occurred as far back as September and October 2022. The apparent cause was a vulnerability in software that Diligent Corporation provided to Leidos, and the leak went undiscovered for months. In the meantime, an unknown number of names, Social Security numbers, and other personal data may have been compromised. 

Not only have many people been put at an increased risk of identity theft, but Leidos took more than seven months to inform the damaged parties. Every day counts when your personal information is compromised, and it’s normal for companies to report data breaches in three months or less. If you were affected and want to consider a Leidos data breach lawsuit, call the law firm of Console & Associates, P.C., at 866-778-5500 or send an email to 

Learn more about the Leidos data breach here:

Key Details of the Leidos Breach

The first party in the situation to become aware of a breach was Diligent Corporation, the company that provided Leidos with the vulnerable software. Diligent informed Leidos of an unauthorized party accessing the software in question on November 11, 2022. By this point, a breach had occurred as early as September 30, 2022.

However, Leidos also experienced a second breach. Diligent informed Leidos of the event on February 9, 2023. A second unauthorized access may have occurred on October 1, 2022, and Diligent wasn’t aware of the breach when it made the first report. 

At this point, the internal Leidos data breach investigation continued fully to June 9, 2023. It discovered that sensitive customer data had been stolen, although Leidos has not yet publicized details. According to Montana’s data breach reporting regulations, this means that compromised information may include, but not be limited to:

  • Social Security numbers

  • ID numbers

  • Taxpayer information

  • Financial account information

About Leidos

Leidos is a Reston, Virginia-based company involved in information technology, aviation, defense, and biomedical research. The company was founded in 1969 and became the defense industry’s largest IT company after a merger with Lockheed Martin in 2016. The company has more than 45,000 employees and generates an annual revenue of around $14 billion. 

What To Do After Receiving a Data Breach Letter

While filing the notice with the Attorney General of Montana, Leidos also sent out data breach letters to the affected customers. These explained the situation, the type of data that was part of the leak, and made further recommendations to each individual recipient. 

If you received a data breach letter, you should opt-in to any identity protection services it might offer. While it won’t offer comprehensive protection, it also won’t jeopardize your chances of mounting a successful lawsuit. Next up, follow the steps in this “Guide for Victims of Data Breach” article and schedule a free consultation with the law firm of Console & Associates, P.C.

At the moment, the experienced data breach lawyers are offering free consultations and investigating the Leidos data breach. Lawsuits can be an important way for data breach victims to find restitution if any negligence played a role in the breach. Complete our online form or give us a call at 866-778-5500 or send an email to to get on your path toward justice.

About the Author
Richard Console
Posted - 06/15/2023