Accenture confirms data breach after August ransomware attack

Global IT consultancy giant Accenture confirmed that LockBit ransomware operators stole data from its systems during an attack that hit the company’s systems in August 2021.

This was revealed in the company’s financial report for the fourth quarter and full fiscal year, which ended on August 31, 2021.

“In the past, we have experienced, and in the future, we may again experience, data security incidents resulting from unauthorized access to our and our service providers’ systems and unauthorized acquisition of our data and our clients’ data including: inadvertent disclosure, misconfiguration of systems, phishing ransomware or malware attacks,” Accenture said.

“During the fourth quarter of fiscal 2021, we identified irregular activity in one of our environments, which included the extraction of proprietary information by a third party, some of which was made available to the public by the third party.

“In addition, our clients have experienced, and may in the future experience, breaches of systems and cloud-based services enabled by or provided by us.”

The LockBit ransomware gang claimed to have stolen six terabytes of data from Accenture’s network and demanded a $50 million ransom.

Sources familiar with the attack also told BleepingComputer that Accenture confirmed the ransomware attack to at least one cyber threat intelligence vendor.

Even though Accenture has now confirmed that the attackers stole information from its systems and leaked it online, the company has not yet publicly acknowledged the data breach outside SEC filings or filed data breach notification letters with relevant authorities.

This likely means that the stolen data didn’t contain any personally identifiable information (PII) or protected health information (PHI) data which would’ve triggered regulatory notification requirements.

Source: Bleeping Computer

Read the Full Story Here