general · BleepingComputer
Accenture, a major IT services and consulting firm, confirmed that it experienced a security breach after a threat actor claimed to have stolen approximately 35 GB of source code and other data from the company. According to reports, the attacker publicly offered the stolen data for sale, prompting Accenture's public acknowledgment of the incident. The company has not disclosed specific details about the attack vector, affected systems, or the full scope of exposed information beyond the claimed data volume.
For Omniware's buyers, this incident underscores the importance of supply-chain security controls. Defense contractors using Accenture for CUI handling or system integration should review their vendor security agreements and assess whether Accenture's breach impacts their CMMC compliance posture. SaaS and fintech firms relying on Accenture for development or infrastructure work should verify that any exposed code or configurations do not compromise their SOC 2 or PCI DSS controls. Healthcare organizations with Accenture involvement should assess HIPAA implications. An Omniware engagement can help determine whether vendor compromise requires notification to your assessors or customers and whether your incident-response procedures account for third-party breaches.
Source: BleepingComputer - https://www.bleepingcomputer.com/news/security/accenture-confirms-breach-after-hacker-offers-stolen-data-for-sale/
Source: BleepingComputer
All briefings