Accenture, a global IT consulting firm, has acknowledged that LockBit ransomware attackers acquired data from their systems during a cyberattack in August 2021.
This incident was reported in the company’s fourth-quarter and full-year financial report, which concluded on August 31, 2021.
Accenture said that illegal access to their own and their service providers’ systems, as well as the unauthorized acquisition of their own and their customers’ data, had resulted in data security issues in the past and might happen again in the future. These include inadvertent disclosure, system misconfiguration, phishing, ransomware, or malware attacks.
They discovered unusual behavior in one of their settings during the fourth quarter of fiscal 2021. It involved the third party’s extraction of confidential information, some of which was made public by the third party.
Furthermore, their clients have had, and may have in the future, breaches of systems and cloud-based services enabled or provided by them.
The LockBit ransomware group claimed to have stolen 6TB of data from Accenture’s network and demanded a ransom payment of $50 million.
Although the attackers took information from Accenture’s systems and released it online, the business has not officially disclosed the data breach outside of SEC filings or submitted data breach notification letters with the appropriate authorities.
This indicates that the stolen data did not contain any personally identifiable information (PII) or protected health information (PHI) that would have necessitated regulatory reporting.
The company rejected accusations made by the LockBit gang in September that they also obtained credentials belonging to Accenture clients that would allow them to attack their networks.
Despite the threat actors’ refusal to disclose any victims, they claimed to have hacked and encrypted an airport’s systems using Accenture software.
According to their allegations, at least two attacks on Bangkok Airways and Ethiopian Airlines’ networks resulted in encrypted systems. Both instances occurred when LockBit, reportedly with the aid of an insider, breached Accenture’s systems.
Accenture has clarified that its operations and client’s systems were unaffected. They isolated the vulnerable systems as soon as they discovered the presence of this malicious attacker.