
IT services giant Accenture has confirmed it suffered a security breach after a threat actor claimed to have stolen 35 GB of source code and other data from the company.
“We are aware of this isolated matter, and we have remediated its source. There is no impact to Accenture operations and service delivery,” Accenture told BleepingComputer.
Accenture is a global professional services company that provides consulting, technology, cloud, engineering, and managed services to businesses and governments worldwide.
The statement comes after a threat actor known as “888” claimed to have stolen 35 GB of data from the company in July and began offering the data for sale on a cybercrime forum.
“Today I am selling the Accenture Data Breach, thanks for reading and enjoy!,” reads the forum post.
“In July 2026, Accenture suffered a data breach which resulted in just over 35gb of source codes getting stolen from the company.”
According to the threat actor, the data includes source code, RSA keys, SSH keys, Azure PAT (personal access tokens), Azure Storage access keys, and configuration files.

Source: BleepingComputer
To support their claims, the threat actor shared a screenshot that appears to show them cloning an Azure DevOps repository named “121123_AtriasTalentAcademy” that was hosted under a redacted accenture.com hostname. BleepingComputer could not independently verify the full scope of the data being stolen.
While Accenture confirmed the breach, the company did not comment on the threat actor’s claims regarding the amount or type of data that may have been accessed or exfiltrated.
Accenture also did not disclose how attackers gained access or whether customer data was affected.
The same threat actor previously attempted to sell Accenture employee data following a third-party breach in 2024.
Accenture also suffered a data breach in 2021 after the LockBit ransomware gang stole data from its systems.
BleepingComputer has asked Accenture further questions about the breach and will update this story if additional information becomes available.
Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.
The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection.


