fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Accenture Confirms Data Breach After August Ransomware Attack

Accenture Confirms Data Breach After August Ransomware Attack

Global IT consultancy giant Accenture confirmed that LockBit ransomware operators stole data from its systems during an attack that hit the company’s systems in August 2021.

This was revealed in the company’s financial report for the fourth quarter and full fiscal year, which ended on August 31, 2021.

“In the past, we have experienced, and in the future, we may again experience, data security incidents resulting from unauthorized access to our and our service providers’ systems and unauthorized acquisition of our data and our clients’ data including: inadvertent disclosure, misconfiguration of systems, phishing ransomware or malware attacks,” Accenture said.

Also Read: How To Secure Your WiFi Camera: 4 Points To Consider

“During the fourth quarter of fiscal 2021, we identified irregular activity in one of our environments, which included the extraction of proprietary information by a third party, some of which was made available to the public by the third party.

“In addition, our clients have experienced, and may in the future experience, breaches of systems and cloud-based services enabled by or provided by us.”

The LockBit ransomware gang claimed to have stolen six terabytes of data from Accenture’s network and demanded a $50 million ransom.

Sources familiar with the attack also told BleepingComputer that Accenture confirmed the ransomware attack to at least one cyber threat intelligence vendor.

Even though Accenture has now confirmed that the attackers stole information from its systems and leaked it online, the company has not yet publicly acknowledged the data breach outside SEC filings or filed data breach notification letters with relevant authorities.

This likely means that the stolen data didn’t contain any personally identifiable information (PII) or protected health information (PHI) data which would’ve triggered regulatory notification requirements.

LockBit data leak site
LockBit data leak site (BleepingComputer)

Accenture denies claims of stolen customer credentials

The ransomware attack was widely covered at the time, with the IT giant telling BleepingComputer that all affected systems were fully restored from backups, with no impact on Accenture’s operations or its clients’ systems.

In September, the company denied claims made by the LockBit gang that they also stole credentials belonging to Accenture customers that would enable them to compromise their networks.

Also Read: How Formidable is Singapore Cybersecurity Masterplan 2020?

Although the threat actors declined to name any victims in conversations with BleepingComputer, they said they had breached and encrypted the systems of an airport using Accenture software.

Their claims align with at least two attacks that led to encrypted systems on the networks of Bangkok Airways and Ethiopian, two airline companies.

Both incidents took place after LockBit compromised the systems of Accenture, allegedly with the help of an insider.

“We have completed a thorough forensic review of documents on the attacked Accenture systems. This [LockBit’s] claim is false,” Accenture told BleepingComputer, denying that customer credentials were stolen in the August ransomware attack.

“As we have stated, there was no impact on Accenture’s operations, or on our client’s systems. As soon as we detected the presence of this threat actor, we isolated the affected servers.”

Accenture is a Fortune 500 company and one of the world’s largest IT services and consulting firms with more than 624,000 employees across 120 countries, providing services to a wide array of industry sectors, including banks, government, technology, energy, telecoms, and more.

An Accenture spokesperson replied with the company’s original statement when contacted by BleepingComputer earlier today for more details on the stolen and leaked proprietary information, adding that clients were “fully informed on relevant details about the incident.”

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us