Atlassian vulnerability linked to GAO data breach, CGI Federal says


CISA issued an alert on the vulnerability impacting the Atlassian tool in October of last year.

A vulnerability in the Atlassian Confluence suite tool that’s widely used throughout the federal government for IT and other employee-facing support services was responsible for a Government Accountability Office breach reported Tuesday, contractor CGI Federal told Nextgov/FCW.

GAO was notified of a data breach by CGI last month that impacted some 6,600 people, including current and former GAO employees from 2007 to 2017, as well as some firms that do business with the agency.

The Atlassian vulnerability was called out in an October 2023 Cybersecurity and Infrastructure Security Agency alert that warned of active exploitation of the tool, CGI spokesperson Mercedes Marx said.

“In line with the threat advisory guidance issued by CISA, CGI Federal took immediate remediation actions and continues to work proactively with authorities and clients to identify and disclose any data affected by the Confluence exploitation,” the statement added.

GAO told Nextgov/FCW it is investigating the matter and said it would offer free identity theft monitoring services to affected individuals.

Employee data breaches can create lingering problems for federal agencies. The 2015 hack of the Office of Personnel Management affected about 22 million records connected to employees’ personal data, as well as information about their families. The office had offered three years and up to $1 million worth of protection services, but Congress in 2015 directed the agency to expand the program to cover 10 years and up to $5 million. 

With that protection set to expire in 2026, a pair of House Democrats last week reintroduced a measure that would expand the timeline to cover a victim’s entire life.

Additionally, last year, the Department of Transportation confirmed a data breach that affected some 237,000 current and former employees and contained data on the agency’s benefit system that reimbursed workers for commuting costs.