Deltek Breach Raises Questions About Widespread Hacking


Details surrounding a recent network breach at the business research and software firm Deltek remain uncertain after the company confirmed the incident exposed sensitive data on tens of thousands of employees of federal contractors.

On March 13, Deltek discovered an intruder had broken into a federal market analysis database called GovWin IQ, the company said. Deltek officials said the attacker accessed the login information for about 80,000 users and the credit card data for up to 25,000 of those individuals. The breach was first reported by Federal News Radio.

"This incident is connected to two large investigations and prosecutions in the District of NJ and the Eastern District of Virginia that involved many other parties and thousands of websites beyond just GovWin IQ," Patrick Smith, Deltek’s senior vice president for marketing, said in an email. He was referring to U.S. Attorney offices in New Jersey and Virginia, where the firm is based.

Smith added that an arrest has been made. He referred questions about the suspect's identity and about case names to the FBI. But the FBI would not confirm an arrest or links to other incidents. 

Deltek’s depiction of the situation sounds a lot like a large probe into the activities of alleged British hacker Lauri Love.

The two U.S. Attorney offices are prosecuting Love for breaching thousands of computer systems in the United States and elsewhere, including numerous federal networks. Love is believed to be affiliated with Anonymous, a hacktivist collective. British authorities arrested him in connection with another investigation in October, officials in the New Jersey U.S. Attorney's Office said at the time.

When asked last week whether the Deltek incident was tied to New Jersey's case, U.S. Attorney spokeswoman Rebekah Carmichael said in an email, "There is nothing in the public record in this case that would address the question." She added the investigation is still ongoing.

An October 2013 affidavit filed in Virginia supporting an arrest warrant against Love alleges he broke into the departments of Energy and Health and Human Services, as well as the U.S. Sentencing Commission and the FBI's Regional Computer Forensics Laboratory. The U.S. attorney's office there declined to comment on whether Deltek also was among those affected.  

Public court documents state the U.S. hacks happened between 2012 and 2013. Deltek learned it had been attacked in 2014 but did not indicate when the hack actually occurred. 

New Jersey U.S. Attorney officials announced in October 2013 an indictment against Love for infiltrating systems at the Army, U.S. Missile Defense Agency, NASA and Energy, among other offenses. A May 2013 criminal complaint also mentions an infiltration at the Federal Reserve.

The unsealed court documents do not list private sector victims that sound similar to Deltek. 

A former Deltek employee said it is believed the incident happened in tandem with a series of strikes on government agencies and financial institutions. Private investigators at Mandiant, CrowdStrike and the SANS Internet Storm Center said they could not confirm the widespread hacking described by Deltek. 

Company officials did not disclose the method the attacker used to corrupt GovWin. Court records show Love entered databases through weaknesses in widely used Adobe ColdFusion software, "SQL injection" attacks, and malicious software.
