Hackers stole client info, work materials in Accenture ransomware attack

LockBit 2.0 is behind the attack, and Accenture said it discovered the "security incident" on July 30.
(Joan Cros/Corbis via Getty Images)

Ransomware hackers began leaking Accenture data after the consulting giant suffered a security incident where the perpetrators made off with client-related documents and work materials.

The gang, known as LockBit 2.0, has threatened to leak further after providing purported proof of the breach. Accenture acknowledged the attack on Wednesday, but has downplayed its severity.

“Through our security controls and protocols, we identified irregular activity in one of our environments,” an Accenture spokesperson said. “We immediately contained the matter and isolated the affected servers. We fully restored our affected servers from back up. There was no impact on Accenture’s operations, or on our clients’ systems.”

In an internal memo, Accenture said it noticed the “security incident” on July 30.


“While the perpetrators were able to acquire certain documents that reference a small number of clients and certain work materials we had prepared for clients, none of the information is of a highly sensitive nature,” reads the memo.

Even as Accenture said the extent of the harm was minimal, the ransomware attack on the company attracted considerable social media attention and speculation. The Fortune 500 company had $44 billion in revenue in 2020, employs more than half a million people around the globe and does work in the cybersecurity field.

The cyber intelligence firm Cyble tweeted that LockBit 2.0 sought a $50 million ransom for six terabytes of data. Cybercrime intelligence company Hudson Rock tweeted that 2,500 computers of employees and partners were compromised.

The ransomware group’s leak site faulted Accenture’s security.

“These people are beyond privacy and security,” a note read. “I really hope that their services are better than what I saw as an insider. If you’re interested in buying some databases, reach us.”


A recent Australian Cyber Security Centre alert warned of an uptick in LockBit activity. It’s a group that typically seeks ransoms in the “high five figures,” according to a profile last month by Emsisoft, a security firm.

Sean Lyngaas and Tonya Riley contributed to this story.

Latest Podcasts