Shows & Panels
- The 2014 Big Picture on Cyber Security
- AFCEA Answers
- Ask the CIO
- Building the Hybrid Cloud
- Connected Government: How to Build and Procure Network Services for the Future
- Continuing Diagnostics and Mitigation: Discussion of Progress and Next Steps
- Federal Executive Forum
- Federal Tech Talk
- The Intersection: Where Technology Meets Transformation
- Maximizing ROI Through Data Center Consolidation
- Moving to the Cloud. What's the best approach for me
- Navigating Tough Choices in Government Cloud Computing
- The New Generation of Database
- Satellite Communications: Acquiring SATCOM in Tight Times
- Targeting Advanced Threats: Proven Methods from Detection through Remediation
- Transformative Technology: Desktop Virtualization in Government
- The Truth About IT Opex and Software Defined Networking
- Value of Health IT
Shows & Panels
Deltek suffers cyber attack putting 80,000 employees of vendors at risk
Wednesday - 4/9/2014, 5:42am EDT
In an email to vendors, which Federal News Radio obtained and was confirmed by Deltek, Mike Corkery, the company's president and CEO, said it discovered on March 13 it had suffered a cyber attack where a hacker obtained GovWin IQ usernames and passwords, and potentially the credit card information of about 25,000 of those 80,000 customers.
Deltek said the widespread cyber attack also affected a number of federal agencies and other companies.
"We take the security of our systems seriously," wrote Patrick Smith, Deltek's senior vice president of marketing, in an email response to questions from Federal News Radio. "After discovering the issue, we have worked around the clock to address the problem by taking careful and systematic measures to protect our customers. These include cooperating with law enforcement on this case, working with a leading cybersecurity firm to conduct an investigation into this matter and to make recommendations for how we can minimize the chances of this happening again, strengthening the security of our GovWin IQ solution in multiple ways, and notifying our customers."
Smith said for those 25,000 individuals whose credit cards may have been compromised, Deltek is offering a membership to TransUnion Monitoring at no charge.
Smith wouldn't offer any details on the vulnerability the hackers took advantage of to get into their system.
Corkery said in the email to vendors that law enforcement officials already have made an arrest in the case.
"It is important to note that we have received no indication that your GovWin IQ username and password were misused in any way," Corkery said in the email. "We have remedied the security vulnerability that we believe the hacker exploited in order to gain unauthorized access to our GovWin IQ system. We have increased the overall security of GovWin IQ, including by reviewing and improving our data security procedures and changing our practices for handling personal information."
Smith said in response to this specific situation, Deltek has strengthened its login and password processes and its overall cybersecurity profile.
Corkery said Deltek implemented improvements to the security of its GovWin IQ system Tuesday night, which requires users to change their usernames and passwords the next time they log onto the system. Going forward, he said customers will have to change their passwords every 90 days.
Deltek becomes the latest in a line of federal contractors who have suffered a cyber attack over the last several years. In 2011, Lockheed Martin, L-3 Communications and Northrop Grumman were victims of a cyber breach.
Federal agencies haven't fared well against hackers either — nearly every agency has fallen victim, including the FBI, the Defense Department, the Energy Department and many others.
The attack against Deltek, however, is the first one that has been made public against a company that directly serves federal contractors.
"If you previously used your GovWin IQ login and password to access any other network, financial account, email or social media account, we strongly recommend that you change those passwords immediately as well," Corkery said.
Deltek also set up an email address for users to submit questions: email@example.com.