The Akira ransomware group claims to have breached **Apache OpenOffice**, stealing **23GB of sensitive data**, including **employee records** (physical addresses, phone numbers, driver’s licenses, social security cards, credit card details), **financial records**, **internal confidential files**, and **problem reports** related to the application. The group threatens to leak the data publicly on its dark web site. While the breach remains **unverified** by the Apache Software Foundation, the potential exposure of **employee PII (Personally Identifiable Information)** and **internal corporate documents** poses a significant risk. The attack does not appear to impact **end-users** or the **OpenOffice software distribution system**, as the download infrastructure is separate from the compromised development servers. Akira, a **ransomware-as-a-service (RaaS)** group known for **double extortion** (data theft + encryption), has targeted organizations globally, earning millions in ransom payments. The group’s claim suggests a **targeted breach** aimed at extorting the foundation by leveraging stolen employee and financial data.
Source: https://hackread.com/akira-ransomware-stole-apache-openoffice-data/
TPRM report: https://www.rankiteo.com/company/the-apache-software-foundation
"id": "the2202022103125",
"linkid": "the-apache-software-foundation",
"type": "Ransomware",
"date": "10/2025",
"severity": "85",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"
{'affected_entities': [{'customers_affected': 'None (end-users not directly '
                                              'impacted per current '
                                              'information)',
                        'industry': 'Software Development',
                        'location': 'Global (HQ: USA)',
                        'name': 'Apache OpenOffice (Apache Software '
                                'Foundation)',
                        'type': 'Non-profit Organization / Open-Source '
                                'Project'}],
 'customer_advisories': 'Users advised to download software only from official '
                        'sources; no direct impact on end-users reported.',
 'data_breach': {'data_exfiltration': 'Claimed: 23GB of data stolen',
                 'personally_identifiable_information': ['Physical addresses',
                                                         'Phone numbers',
                                                         'Dates of birth',
                                                         'Driver’s licenses',
                                                         'Social security '
                                                         'cards',
                                                         'Credit card '
                                                         'information'],
                 'sensitivity_of_data': 'High (includes PII, financial data, '
                                        'and internal documents)',
                 'type_of_data_compromised': ['Employee PII',
                                              'Financial records',
                                              'Internal confidential files',
                                              'Application reports']},
 'description': 'The Akira ransomware group claims to have breached Apache '
                'OpenOffice, a free and open-source office software suite '
                'developed by the Apache Software Foundation, and stolen 23GB '
                'of sensitive data, including employee records (physical '
                'addresses, phone numbers, driver’s licenses, social security '
                'cards, credit card information), financial records, internal '
                'confidential files, and reports about application issues. The '
                'claim is unverified, and Apache has not confirmed the breach. '
                'If true, the breach could expose internal development data or '
                'contributor information, but end-users are unlikely to be '
                'directly affected as the download infrastructure remains '
                'separate.',
 'impact': {'brand_reputation_impact': 'Potential reputational damage if '
                                       'breach is confirmed',
            'data_compromised': ['Employee records (addresses, phones, DOB, '
                                 'driver’s licenses, social security cards, '
                                 'credit card information)',
                                 'Financial records',
                                 'Internal confidential files',
                                 'Application problem reports'],
            'identity_theft_risk': 'High (if employee PII is exposed)',
            'payment_information_risk': 'High (credit card information '
                                        'allegedly stolen)'},
 'initial_access_broker': {'data_sold_on_dark_web': 'Claimed data leak on '
                                                    'Akira’s dark web site '
                                                    '(23GB)'},
 'investigation_status': 'Unverified; Apache Software Foundation has not '
                         'confirmed the breach.',
 'motivation': ['Financial Gain', 'Data Theft', 'Extortion'],
 'ransomware': {'data_exfiltration': 'Claimed: 23GB of data exfiltrated',
                'ransomware_strain': 'Akira'},
 'recommendations': ['Download Apache OpenOffice only from the official '
                     'website to avoid third-party risks.',
                     'Monitor for official updates from the Apache Software '
                     'Foundation regarding the breach claim.',
                     'Review internal security measures for open-source '
                     'projects to prevent unauthorized access.'],
 'references': [{'source': 'Hackread.com'}],
 'response': {'communication_strategy': 'Apache Software Foundation has not '
                                        'issued a public statement; media '
                                        '(Hackread.com) has reached out for '
                                        'comment.'},
 'threat_actor': 'Akira Ransomware Group',
 'title': 'Alleged Akira Ransomware Breach of Apache OpenOffice',
 'type': ['Data Breach', 'Ransomware Attack (Unverified)']}