Accenture confirms data breach after August ransomware attack

Global IT consultancy giant Accenture confirmed that LockBit ransomware operators stole data from its systems during an attack that hit the company's systems in August 2021.

This was revealed in the company's financial report for the fourth quarter and full fiscal year, which ended on August 31, 2021.

"In the past, we have experienced, and in the future, we may again experience, data security incidents resulting from unauthorized access to our and our service providers’ systems and unauthorized acquisition of our data and our clients’ data including: inadvertent disclosure, misconfiguration of systems, phishing ransomware or malware attacks," Accenture said.

"During the fourth quarter of fiscal 2021, we identified irregular activity in one of our environments, which included the extraction of proprietary information by a third party, some of which was made available to the public by the third party.

"In addition, our clients have experienced, and may in the future experience, breaches of systems and cloud-based services enabled by or provided by us."

The LockBit ransomware gang claimed to have stolen six terabytes of data from Accenture's network and demanded a $50 million ransom.

Sources familiar with the attack also told BleepingComputer that Accenture confirmed the ransomware attack to at least one cyber threat intelligence vendor.

Even though Accenture has now confirmed that the attackers stole information from its systems and leaked it online, the company has not yet publicly acknowledged the data breach outside SEC filings or filed data breach notification letters with relevant authorities.

This likely means that the stolen data didn't contain any personally identifiable information (PII) or protected health information (PHI) data which would've triggered regulatory notification requirements.

Accenture denies claims of stolen customer credentials

The ransomware attack was widely covered at the time, with the IT giant telling BleepingComputer that all affected systems were fully restored from backups, with no impact on Accenture's operations or its clients' systems.

In September, the company denied claims made by the LockBit gang that they also stole credentials belonging to Accenture customers that would enable them to compromise their networks.

Although the threat actors declined to name any victims in conversations with BleepingComputer, they said they had breached and encrypted the systems of an airport using Accenture software.

Their claims align with at least two attacks that led to encrypted systems on the networks of Bangkok Airways and Ethiopian, two airline companies.

Both incidents took place after LockBit compromised the systems of Accenture, allegedly with the help of an insider.

"We have completed a thorough forensic review of documents on the attacked Accenture systems. This [LockBit's] claim is false," Accenture told BleepingComputer, denying that customer credentials were stolen in the August ransomware attack.

"As we have stated, there was no impact on Accenture’s operations, or on our client’s systems. As soon as we detected the presence of this threat actor, we isolated the affected servers."

Accenture is a Fortune 500 company and one of the world's largest IT services and consulting firms with more than 624,000 employees across 120 countries, providing services to a wide array of industry sectors, including banks, government, technology, energy, telecoms, and more.

An Accenture spokesperson replied with the company's original statement when contacted by BleepingComputer earlier today for more details on the stolen and leaked proprietary information, adding that clients were "fully informed on relevant details about the incident."