Accenture reportedly faced $50M ransomware demand

T-Mobile is Warning that a data breach has exposed the names, date of birth, Social Security number and driver’s license/ID information of more than 40 million current, former or prospective customers who applied for credit with the company. Get Secured Now with Norton 360

The consulting firm Accenture is reported to have faced $50 million in ransom following an attack this past month, according to cyber risk intelligence companies.

Researchers from the cyber intelligence firm Cyble said on Twitter that the threat actors claimed to have accessed more than six terabytes of data.

“Through our security controls and protocols, we identified irregular activity in one of our environments,” said Accenture in a statement to Healthcare IT News.   

“We immediately contained the matter and isolated the affected servers. We fully restored our affected systems from backup. There was no impact on Accenture’s operations, or on our clients’ systems.”

Confusion has swirled around the Accenture security incident over the past week, with the company largely remaining mum about the details.

But a few pieces of information have begun to trickle to the surface.   

For instance, CyberScoop’s Tim Starks reported on Thursday that the attackers, LockBit 2.0, had begun to leak some of their stolen data. Hudson Rock, a cybercrime intelligence data firm, said that 2,500 employee and partner computers had been compromised.  

Starks also quoted from an Accenture internal memo that said the company had noticed the security incident on July 30.  

“While the perpetrators were able to acquire certain documents that reference a small number of clients and certain work materials we had prepared for clients, none of the information is of a highly sensitive nature,” the memo reportedly read.  

Accenture isn’t alone; Cyble tweeted on Monday of this week that five other organizations had been targeted by LockBit in the past 24 hours.  

“LockBit attacks are known for their ability to encrypt Windows domains by using Active Directory group policies,” explained Eleanor Barlow, content manager at SecurityHQ, in a statement to Healthcare IT News

“Once a domain is infected, new group policies are generated by the malware and sent to devices linked to the network. Here, the policies disable the antivirus security and implement the malware.”

Lockbit’s slow release of data suggests that Accenture didn’t pay the $50 million price tag – consistent with federal agencies’ official stance…