Accenture Discloses It Had Suffered Data Breach Following a Ransomware Attack
The LockBit Ransomware Gang Hit the Company in August 2021.
Accenture, an Ireland-based multinational professional services company that specializes in IT services and consulting, confirmed it suffered a data breach as a result of a ransomware attack carried out by LockBit threat actors in August 2021.
With more than 624,000 employees in 120 countries, Accenture is a Fortune 500 corporation and one of the world’s leading IT services and consulting firms, offering services to a wide range of industries, including banking, government, technology, energy, telecommunications, and more.
Accenture Confirms Data Breach
The company’s financial report for the fourth quarter and full fiscal year, which ended on August 31, 2021, included information regarding the incident.
In the past, we have experienced, and in the future, we may again experience, data security incidents resulting from unauthorized access to our and our service providers’ systems and unauthorized acquisition of our data and our clients’ data including inadvertent disclosure, misconfiguration of systems, phishing ransomware or malware attacks.
During the fourth quarter of fiscal 2021, we identified irregular activity in one of our environments, which included the extraction of proprietary information by a third party, some of which was made available to the public by the third party.
In addition, our clients have experienced, and may in the future experience, breaches of systems and cloud-based services enabled by or provided by us.
During the ransomware attack, the LockBit threat actors allegedly obtained over 6TB of databases and demanded a $50M ransom.
As we said in the article about the Accenture ransomware incident, the company had confirmed the attack to at least one cyber threat intelligence (CTI) vendor.
Although the IT giant has confirmed that the intruders stole data from its systems and made it public, Accenture did not publicly acknowledge the data breach outside SEC filings or file data breach notification letters with relevant authorities.
This indicates that the stolen information did not include any personally identifiable information (PII) or protected health information (PHI) that would have required regulatory notification.
At the time of the incident, Accenture told BleepingComputer that it contained the issue and isolated the impacted servers as soon as it learned about the attack. The company added that it fully restored its affected systems from backup, and there was no impact on Accenture’s operations or its clients’ systems.
The Bangkok Airways Incident
At the beginning of September, Bangkok Airways confirmed being a victim of an attack conducted by the LockBit threat actor. During the attack, the cybercriminals allegedly accessed personal data belonging to passengers.
According to BleepingComputer, the data that was leaked during the attack included full names, nationality, gender, phone numbers, email and physical addresses, passport info, historical travel data, partial credit card info, and special meal details.
The threat actor disclosed that the Accenture breach gave them access to credentials that allowed them to go after the company’s customers.
When contacted, an Accenture representative told BleepingComputer that all the impacted clients were “fully informed on relevant details about the incident.”