Cyber Incident Victim: Accenture

Date: Aug 2021

Location: United States of America

Summary

A global IT consultancy firm was targeted by the LockBit ransomware gang, which threatened to leak stolen data unless a ransom was paid. The attackers claimed to have exfiltrated six terabytes of information through alleged insider access and demanded $50 million, while also reportedly compromising 2,500 employee and partner systems. The victim organization confirmed containing the incident by isolating affected servers and restoring systems from backups, stating no operational impact occurred. LockBit promoted the stolen data's sale on their leak site without providing evidence, amid broader warnings about the group recruiting corporate insiders to facilitate breaches.

Description

In August 2021, Accenture, a global IT consultancy firm valued at $44.3 billion with operations across 50 countries, experienced a ransomware attack attributed to the LockBit 2.0 gang. The threat actors publicly threatened to leak stolen data on their extortion site, setting a countdown timer for publication unless a ransom was paid. LockBit claimed to have exfiltrated six terabytes of data and demanded $50 million, though they did not initially provide proof of the stolen files. The group alleged they gained access through a corporate insider, aligning with Australian government warnings earlier that week about LockBit actively recruiting company insiders to facilitate breaches. Accenture detected the incident through its security controls, identifying irregular activity in one of its environments. The company responded by immediately containing the breach, isolating affected servers, and restoring systems from backups. Accenture stated there was no operational impact on its services or client systems.

The LockBit gang attempted to monetize the attack by offering the data for sale to third parties on their leak site, while criticizing Accenture’s security posture. Cybersecurity firm Hudson Rock reported that 2,500 compromised computers belonging to Accenture employees and partners had been exploited, suggesting credential-based access may have played a role. Accenture confirmed the ransomware attack to at least one cyber threat intelligence vendor and began notifying customers. The incident highlighted LockBit’s aggressive tactics, including prior attacks on entities like the UK’s Merseyrail train network. While the exact timeline of initial compromise, data exfiltration methods, and full scope of accessed information remained undisclosed, Accenture’s reliance on backups enabled full system restoration without capitulating to ransom demands. The company maintained business continuity throughout the event.
