Accenture has confirmed that it experienced a security breach after a threat actor claimed to have stolen more than 35 GB of company data and offered the alleged information for sale on a cybercrime forum. The company said it had identified the incident as an isolated matter, remediated its source and that there had been no impact on its operations or service delivery.
Threat actor claims theft of source code and access keys
The claimed breach surfaced after a threat actor using the name “888” posted on a cybercrime forum offering what was described as Accenture data for sale. According to the post, the alleged data includes source code, RSA keys, SSH keys, Azure Personal Access Tokens (PATs), Azure Storage access keys and configuration files.
To support the claims, the threat actor shared a screenshot that appeared to show the cloning of an Azure DevOps repository hosted under an Accenture domain. However, the full scope of the alleged stolen data could not be independently verified. Accenture did not comment on the threat actor’s claims regarding the volume or type of information that may have been accessed or exfiltrated, nor did it disclose how the attackers gained access or whether customer data was affected.
Company says operations remain unaffected
Responding to the incident, Accenture stated that it had remediated the source of the breach and maintained that the matter had not affected its business operations or service delivery.
Security researchers noted that exposure of source code, access keys and configuration files could increase the risk of further cyber attacks by revealing application logic, implementation patterns and potentially exploitable paths within software environments. Depending on the nature and recency of the compromised data, they said the information could also present risks for customers, partners and cloud-based infrastructure.
Latest incident follows earlier security concerns
The latest claims come after previous cybersecurity incidents involving Accenture. The company experienced a LockBit ransomware breach in 2021, while researchers also disclosed a cloud configuration issue in 2017 that reportedly exposed sensitive information. The same threat actor previously claimed to have obtained Accenture employee data through a third-party breach in 2024, an allegation that the company said had been significantly exaggerated.
Accenture has not provided additional details about the latest incident beyond confirming that it was isolated and remediated. The company said there was no impact on its operations, while questions regarding the extent of the alleged data exposure and any possible customer impact remain unanswered.
