Accenture faces massive data breach that could put clients at risk

Accenture faces massive data breach that could put clients at risk

Accenture faces massive data breach that could put clients at risk

https://www.cybersecuritydive.com/news/accenture-data-breach-access-keys-source-code/824694/

Publish Date: 2026-07-08 11:27:00

Source Domain: www.cybersecuritydive.com

Author:

Using an unordered list, summarize the following article with between 4 and 8 key points.

A threat actor claims to have stolen a vast trove of sensitive data from the consulting giant Accenture in a recent cyberattack.
The compromised data includes source code, Microsoft Azure personal access tokens, RSA encryption keys and SSH keys, a hacker calling themselves “888” said in a dark-web post shared by Bleeping Computer.
The actor says they hacked roughly 35GB of data from Accenture during the intrusion, which occurred in early July.
Accenture downplayed the incident in a statement to Cybersecurity Dive.
“We are aware of this isolated matter and we have remediated its source,” spokesperson Peter Soh said. “There is no impact to Accenture operations and service delivery.”

The stolen data could put Accenture and its clients at significant risk of further attacks. “Source code can help attackers understand internal application logic, identify weak implementation patterns, and search for hardcoded secrets or exploitable paths in custom systems,” the threat intelligence firm SOCRadar said in an analysis of the incident. Meanwhile, the exposed access keys could let hackers roam freely through code repositories and cloud storage services.
Depending on the recency of the stolen data, the attack could have cascading effects throughout Accenture’s customer base. “Source code and configuration files could help attackers identify vulnerabilities in software used by clients or partners,” SOCRadar analysts wrote.
Accenture declined to answer follow-up questions about these potential consequences.
Part of a breach pattern
Accenture is one of the world’s largest consulting firms, with a client list that includes the vast majority of the Fortune Global 500. But the firm has struggled with cybersecurity in the past. In 2021, the LockBit ransomware gang broke into Accenture’s systems and threatened to release stolen data if the company didn’t pay a ransom. And in 2017, security researchers at UpGuard revealed that Accenture had misconfigured its Amazon Web Services buckets and exposed sensitive data that included nearly 40,000 plaintext passwords and access keys for other cloud services.
The threat actor claiming responsibility for the latest breach is using the same handle, 888, as the hacker who claimed to have stolen a massive Accenture employee database in 2024. At the time, Accenture said that the hacker was vastly exaggerating the incident and that the database contained only information about three of its employees.