Accenture sheds more light on August data breach


Accenture confirmed that threat actors connected to the LockBit ransomware group stole and leaked proprietary company info and breached prospects methods.

The disclosure was built Friday in the firm’s required yearly 10-K report with the U.S. Securities and Trade Fee the filing was initially noticed by Bleeping Personal computer. The money examination features a checklist of possibility factors, this sort of as competing firms or international economic conditions, that could finish up adversely impacting the firm’s stock cost.

Buried among that listing of pitfalls was discussion about how a information breach could effects equally Accenture’s individual organization as well as that of its buyers.

“In the course of the fourth quarter of fiscal 2021, we recognized irregular activity in a single of our environments, which involved the extraction of proprietary information and facts by a 3rd party, some of which was made accessible to the community by the third social gathering. In addition, our consumers have skilled, and may in the foreseeable future experience, breaches of methods and cloud-based expert services enabled by or presented by us,” Accenture noted.

“To day these incidents have not had a product influence on our or our clients’ operations however, there is no assurance that these impacts will not be materials in the potential, and these types of incidents have in the past and may well in the foreseeable future have the impacts mentioned down below.”

That “irregular exercise” was in fact the August breach of Accenture’s interior community by hackers who were being ready to obtain some info. The hackers, who had been working the LockBit ransomware-as-a-company method. Immediately after failing to extract the requested ransom payment from Accenture, the hackers at some point dumped the pilfered information on-line.

Even though Accenture has admitted that the attackers ended up in a position to get into its networks and obtain some company info, the IT consultancy had explained no shopper methods had been impacted.

“We right away contained the make a difference and isolated the affected servers. We absolutely restored our afflicted programs from backup,” a spokesperson told SearchSecurity back in August. 

“There was no affect on Accenture’s functions or on our clients’ programs.”

Accenture is not by itself in slipping victim to ransomware assaults and info breaches. Contrary to the previous generation of ransomware crews that merely encrypted methods and demanded payment for decryption keys, groups these kinds of as LockBit just take things a phase additional by also stealing knowledge from organizations and releasing it on the net should the business not pay back its ransom in the allotted time.