IT services giant Accenture has confirmed a security breach after a threat actor claimed to have stolen approximately 35 GB of data from the company and began offering it for sale on a cybercrime forum.

“We are aware of this isolated matter, and we have remediated its source. There is no impact to Accenture operations and service delivery,” the company told BleepingComputer. The statement stopped short of addressing the type or volume of data involved, and Accenture did not disclose how the attackers gained access or whether any customer data was affected.

What the Threat Actor Claims

The actor, operating under the handle “888,” posted to a cybercrime forum in July 2026 announcing the sale of what they described as a haul of sensitive materials. According to the post, the stolen dataset includes:

  • Source code
  • RSA and SSH keys
  • Azure personal access tokens (PATs)
  • Azure Storage access keys
  • Configuration files

To support the claim, the actor shared a screenshot appearing to show the cloning of an Azure DevOps repository named “121123_AtriasTalentAcademy,” hosted under a redacted accenture.com hostname. BleepingComputer was unable to independently verify the full scope of the alleged exfiltration.

Context and Prior Incidents

This is not the first time Accenture has faced data exposure incidents. The same threat actor previously attempted to sell Accenture employee data following a third-party breach in 2024. The company also suffered a breach in 2021 when the LockBit ransomware group claimed to have stolen data from its systems.

For security teams, the alleged inclusion of Azure PATs and storage access keys is particularly concerning, as such credentials can enable lateral movement across cloud environments if not promptly rotated. Accenture’s confirmation that the breach source has been remediated suggests the initial access vector has been closed, but the company has not addressed whether exposed credentials have been invalidated or what downstream risk may exist for its clients.