Apparently they're from an older hack:
A Diligent spokesperson said the leak appeared to be from a 2022 hack affecting its subsidiary business Steele Compliance Solutions, which it acquired in 2021. Fewer than 15 customers, including Leidos, used the product at the time, they added.
Why would hackers not release immediately?