A threat actor using the alias '303' allegedly breached Deloitte's systems and leaked sensitive internal data on a dark web forum. The breach involves GitHub credentials and source code from internal project repositories belonging to Deloitte’s U.S. consulting division. The leaked data includes GitHub credentials that could potentially grant unauthorized access to Deloitte’s internal development infrastructure, as well as source code from proprietary projects. This incident adds to Deloitte’s ongoing cybersecurity challenges, with multiple breach allegations in recent months.
Source: https://cybersecuritynews.com/deloitte-data-breach/
TPRM report: https://scoringcyber.rankiteo.com/company/deloitte
"id": "del716053025",
"linkid": "deloitte",
"type": "Breach",
"date": "5/2025",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'industry': 'Consulting',
'location': 'United States',
'name': 'Deloitte',
'type': 'Consulting Firm'}],
'attack_vector': 'Credential Theft, Data Exfiltration',
'data_breach': {'data_exfiltration': True,
'file_types_exposed': 'Source code files',
'sensitivity_of_data': 'High',
'type_of_data_compromised': 'GitHub credentials, source code'},
'description': "A threat actor using the alias '303' allegedly claimed to "
'have breached the company’s systems and leaked sensitive '
'internal data on a dark web forum.',
'impact': {'data_compromised': 'GitHub credentials, source code from internal '
'project repositories'},
'initial_access_broker': {'data_sold_on_dark_web': True,
'entry_point': 'GitHub credentials'},
'investigation_status': 'Ongoing',
'references': [{'source': 'Cybersecurity monitoring services'}],
'threat_actor': '303',
'title': "Alleged Data Breach by Threat Actor '303'",
'type': 'Data Breach',
'vulnerability_exploited': 'GitHub Credentials'}