Accenture Confirms Breach; Attacker Claims 35 GB Stolen
Accenture confirmed a security incident. A threat actor is advertising 35 GB of alleged source code for sale. The volume claim is unverified — treat accordingly.
Breaking. Confidence: mixed. Confirmed — the incident. Unconfirmed — the volume.
Accenture has confirmed a security incident after a threat actor began advertising what they claim is 35 GB of stolen source code and internal data. The company has not corroborated the 35 GB figure. The confirmation, and no more than the confirmation, is the reported fact right now.
Timeline
- 2026-07-07, morning UTC — a threat actor lists the alleged data on a public leak forum. Sample screenshots circulate. Provenance not verified.
- 2026-07-07, later — Accenture issues a short statement acknowledging a security incident and says an investigation is underway. Scope, root cause, and affected systems are not disclosed.
- 2026-07-07, evening UTC — no vendor advisory, no CISA note, no attributed threat-actor claim beyond the forum post itself.
What is and isn’t confirmed
Confirmed (per Accenture’s own statement, via BleepingComputer):
- A security incident occurred.
- An investigation is in progress.
Unconfirmed. Do not treat as fact:
- The 35 GB volume. That number comes from the seller, not the victim.
- That the data is source code. The sample was described in the forum listing; nothing independent has authenticated it.
- Any claim about which systems, subsidiaries, or client engagements are involved. Accenture has not said, and the listing is not a source.
- Attribution. No credible tie to a named group has been reported. The forum handle is not attribution.
That last point matters. Accenture was also hit publicly in August 2021 by LockBit, a separate event, and prior coverage of that incident will surface adjacent to this one. Don’t collapse them.
What we’re watching
- Accenture’s next statement. If it names a system or a business unit, that’s the first real scope signal.
- Whether the samples in the listing are validated by a third party. Until then, treat the 35 GB as a marketing number.
- Whether the actor rotates listings (raising or dropping the price, splitting the archive). That pattern usually means the buyer market is thin — informational, not diagnostic.
- CISA. If this touches U.S. federal contracts, an alert is possible; none as of this writing.
What to do
If you are an Accenture customer, the honest answer is: wait for a written scope statement from them, then act on it. Rotating credentials or revoking access preemptively without knowing what was exposed is expensive and, right now, not directed at anything specific.
If you are not an Accenture customer, this one is a watch item, not a work item. We’ll update as scope becomes real.
Sources: BleepingComputer (2026-07-07). Prior context: BleepingComputer, August 2021.
Found this useful? Share it.


