Security News > 2024 > April > Acuity confirms hackers stole non-sensitive govt data from GitHub repos
Acuity, a federal contractor that works with U.S. government agencies, has confirmed that hackers breached its GitHub repositories and stole documents containing old and non-sensitive data.
Acuity is a tech consulting firm with almost 400 employees and a $100+ million annual revenue that provides DevSecOps, cyber security, data analytics, and operations support services to federal civilian national security customers.
The U.S. Department of State told BleepingComputer it's investigating claims of a cyber incident after a threat actor known as IntelBroker leaked allegedly stolen U.S. government and military data on a hacking forum but refused to provide details on the nature and scope of the breach "For security reasons."
"Acuity recently identified a cybersecurity incident related to GitHub repositories that housed dated and non-sensitive information. Immediately upon becoming aware of this zero-day vulnerability, Acuity applied the vendor's security updates and performed mitigating actions in accordance with the vendor's guidance," Acuity CEO Rui Garcia told BleepingComputer on Thursday in an emailed statement.
"After conducting our own analysis and following a third-party cybersecurity expert investigation, Acuity has seen no evidence of impact on any of our clients' sensitive data. In addition to cooperating with law enforcement, Acuity takes the security of its customers' data seriously and is implementing appropriate measures to secure its operations further."
Sangierro, another threat actor involved in the attack, told BleepingComputer the breach occurred on March 7, and they purportedly exploited a vulnerability in an Acuity Tekton CI/CD server to steal GitHub credentials and access their private repositories.