
Accenture has confirmed an "isolated matter" after a cybercriminal put up for sale what they allege is 35GB of the consulting giant's internal data, including source code, cryptographic keys, and cloud credentials. The listing, seen by The Register, appeared on a cybercrime forum on July 6 under the title "Accenture Data Breach," posted by a user with the handle "888." The seller claimed the stolen archive contained source code alongside RSA keys, SSH keys, Azure Personal Access Tokens (PATs), Azure Storage access keys, configuration files, and other technical material. Today I am selling the Accenture Data Breach, thanks for reading and enjoy!" the cyber baddie wrote. To back up the claim, the seller published what appeared to be a screenshot of a cloned Azure DevOps repository named "121123_AtriasTalentAcademy," hosted under a censored accenture.com domain. The post also advertised the dataset for sale in exchange for Monero. Accenture confirmed to The Register that it had investigated the matter, although it stopped well short of describing it as a breach. "We are aware of this isolated matter and we have remediated its source," Accenture spokesperson Andy Rowlands said. "There is no impact to Accenture operations and service delivery." The Register asked how the compromise occurred, what systems were affected, and exactly what data was taken. Accenture did not respond. If the allegedly stolen files are authentic, this isn't somebody flogging old HR spreadsheets. Source code, private keys, access tokens, and cloud credentials are exactly the sort of material attackers prize because they can open doors into other systems if they haven't already been revoked. Threat intelligence firm SOCRadar noted that the same threat actorcyber criminals previously claimed responsibility for another Accenture-related incident in 2024, alleging that data connected to more than 32,000 current and former employees had been exposed through a third-party compromise. Whether that earlier claim was genuine remains unclear. So far, Accenture is keeping the technical details to itself. Whether this was a single exposed repository or something with a longer tail is anyone's guess until the company decides to say more. (R)