Virginia-based SRA International disclosed that hackers were able to access the network to install a virus, which may have compromised such personnel data as names, Social Security numbers, addresses, birth dates and health information, according to a Jan. 20 notification letter sent to the the Maryland Attorney General's Office.
About 1,400 Maryland residents are affected, but it is unclear how many victims there are overall.
The breach is notable because SRA, among its many functions, provides information security services to government agencies. According to the company's website, the firm has 270 information specialists who have embarked on projects with federal agencies such as the Securities and Exchange Commission, Department of Health and Human Services and Environmental Protection Agency.
The company's security team is assisting in the investigation, as is law enforcement and other government authorities, according to the letter.
SRA plans to offer affected individuals free credit monitoring services. A company spokeswoman could not be reached for comment on Wednesday.
SRA generated $1.5 billion in revenue last year, 95 percent of which came from U.S. government clients, according to its annual shareholder report. As of June, the company had about 6,500 employees.