Accenture: Accenture confirms breach after hacker offers stolen data for sale

Accenture: Accenture confirms breach after hacker offers stolen data for sale

Accenture Confirms Data Breach After Threat Actor Claims Theft of 35GB of Source Code

Global IT services provider Accenture has acknowledged a security breach following claims by a threat actor known as "888" to have stolen 35GB of sensitive data, including source code, encryption keys, and access credentials. The incident, which the actor alleges occurred in July 2026, was first advertised for sale on a cybercrime forum earlier this month.

According to the threat actor, the exfiltrated data includes RSA and SSH keys, Azure Personal Access Tokens (PATs), Azure Storage access keys, and configuration files, alongside source code from an internal repository. A screenshot shared by "888" appears to show the cloning of an Azure DevOps repository named "121123_AtriasTalentAcademy" under an Accenture domain, though the full scope of the breach remains unverified.

In a statement to BleepingComputer, Accenture confirmed the incident but described it as an "isolated matter" that has since been remediated. The company asserted that the breach had "no impact on Accenture operations or service delivery" but did not address whether customer data was compromised or how the attackers gained access.

This is not the first time Accenture has faced such an incident. In 2024, the same threat actor attempted to sell employee data linked to a third-party breach, while in 2021, the LockBit ransomware gang successfully exfiltrated data from the company’s systems.

Accenture has not provided further details on the type or volume of data accessed, nor has it clarified the attack vector. Investigations into the breach are ongoing.

Source: https://www.bleepingcomputer.com/news/security/accenture-confirms-breach-after-hacker-offers-stolen-data-for-sale/

Accenture cybersecurity rating report: https://www.rankiteo.com/company/accenture

"id": "ACC1783463023",
"linkid": "accenture",
"type": "Breach",
"date": "7/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'industry': 'Information Technology and Services',
                        'location': 'Global',
                        'name': 'Accenture',
                        'type': 'IT Services Provider'}],
 'data_breach': {'data_exfiltration': 'Yes',
                 'file_types_exposed': ['RSA keys',
                                        'SSH keys',
                                        'Azure PATs',
                                        'Azure Storage access keys'],
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Source code',
                                              'Encryption keys',
                                              'Access credentials',
                                              'Configuration files']},
 'date_detected': '2026-07',
 'description': 'Global IT services provider Accenture confirmed a security '
                "breach after a threat actor known as '888' claimed to have "
                'stolen 35GB of sensitive data, including source code, '
                'encryption keys, and access credentials. The exfiltrated data '
                'includes RSA and SSH keys, Azure Personal Access Tokens '
                '(PATs), Azure Storage access keys, and configuration files, '
                'alongside source code from an internal repository.',
 'impact': {'data_compromised': '35GB of sensitive data, including source '
                                'code, encryption keys, and access credentials',
            'operational_impact': 'No impact on Accenture operations or '
                                  'service delivery',
            'systems_affected': 'Azure DevOps repository'},
 'initial_access_broker': {'data_sold_on_dark_web': 'Advertised for sale on a '
                                                    'cybercrime forum'},
 'investigation_status': 'Ongoing',
 'motivation': 'Financial Gain',
 'references': [{'source': 'BleepingComputer'}],
 'response': {'communication_strategy': 'Statement to BleepingComputer',
              'remediation_measures': 'Incident remediated'},
 'threat_actor': '888',
 'title': 'Accenture Data Breach - Threat Actor Claims Theft of 35GB of Source '
          'Code',
 'type': 'Data Breach'}
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.