Accenture confirmed the invasion of one of its networks and the exfiltration of information by the operators of the LockBit ransomware during a cyber attack in August 2021. The incident was reported in the company’s fourth quarter financial report and annual report for which fiscal year was closed on August 31, 2021.
LockBit operators claimed to have stolen 6TB of data from Accenture’s network and demanded payment of a ransom of $50 million. Although they obtained information from Accenture’s systems and posted it online, the company has not previously disclosed the data breach or sent data breach notification letters to the appropriate authorities. This indicates that the stolen data did not contain any personally identifiable information or protected health information, which would require reporting to regulatory regulators. The company rejected accusations made by LockBit operators that they had also obtained credentials from Accenture customers, which would allow them to attack their networks.
In the past, we have experienced, and in the future, we may experience again, data security incidents resulting from unauthorized access to our systems and those of our service providers and unauthorized acquisition of our data and data from our customers, including: inadvertent disclosure , misconfiguration of systems, phishing ransomware or malware attacks. For example, as previously reported, during the fourth quarter of fiscal year 2021, we identified irregular activity in one of our environments, which included third party extraction of proprietary information, some of which was made publicly available by third parties . In addition, our customers have experienced, and may in the future experience, breaches of cloud-based systems and services enabled by or provided by us. To date, these incidents have not had a material impact on our operations or our customers’ operations; however, there is no guarantee that such impacts will not be material in the future, and such incidents have been in the past and may in the future have the impacts discussed below.
Source: CisoAdvisor
