Acuity confirms hackers stole non-sensitive govt data from GitHub repos

Acuity, a federal contractor that works with U.S. government agencies, has confirmed that hackers breached its GitHub repositories and stole documents containing old and non-sensitive data.

Acuity is a tech consulting firm with almost 400 employees and a $100+ million annual revenue that provides DevSecOps, cyber security, data analytics, and operations support services to federal civilian national security customers.

The U.S. Department of State told BleepingComputer it's investigating claims of a cyber incident after a threat actor known as IntelBroker leaked allegedly stolen U.S. government and military data on a hacking forum but refused to provide details on the nature and scope of the breach "for security reasons."

"Acuity recently identified a cybersecurity incident related to GitHub repositories that housed dated and non-sensitive information. Immediately upon becoming aware of this zero-day vulnerability, Acuity applied the vendor's security updates and performed mitigating actions in accordance with the vendor's guidance," Acuity CEO Rui Garcia told BleepingComputer on Thursday in an emailed statement.

"After conducting our own analysis and following a third-party cybersecurity expert investigation, Acuity has seen no evidence of impact on any of our clients' sensitive data. In addition to cooperating with law enforcement, Acuity takes the security of its customers' data seriously and is implementing appropriate measures to secure its operations further."

While the company didn't provide additional info, likely because of the ongoing investigation, IntelBroker (one of the threat actors behind the attack) has leaked thousands of records containing information belonging to Justice Department, State Department, DHS, and FBI employees.

​He also claims they stole Five Eyes intelligence alliance documents, some allegedly containing classified information.

Sangierro, another threat actor involved in the attack, told BleepingComputer the breach occurred on March 7, and they purportedly exploited a vulnerability in an Acuity Tekton CI/CD server to steal GitHub credentials and access their private repositories.

IntelBroker has been leaking data allegedly stolen from or belonging to multiple U.S. government agencies since December, including but not limited to the Immigration and Customs Enforcement (ICE), the Citizenship and Immigration Services (USCIS), the Department of Defense, and the U.S. Army.

He rose to fame after successfully breaching DC Health Link, which administers the healthcare plans of U.S. House members, their staff, and their families.

The threat actor has also taken responsibility for other cyberattacks, including Hewlett Packard Enterprise (HPE) and an alleged breach of General Electric Aviation.