Capgemini, a multinational IT and consulting firm, is currently facing a serious data breach after a cybercriminal claimed to have accessed and released a significant amount of stolen data. The breach reportedly includes sensitive information such as source code, credentials, and T-Mobile’s virtual machine logs.
Although Capgemini has not officially responded to the claims made by the cybercriminal, it is said that the stolen data amounts to 20GB and includes databases, private keys, API keys, employee data, and more. The leaked information also contains lists of Capgemini employees with their names, email addresses, usernames, and password hashes, as well as backup archives and files related to Capgemini clients.
The thief, who goes by the username “grep,” shared some of the stolen data on a forum, offering it to other users. Screenshots of the leaked data suggest that customer information, including T-Mobile VM logs, may have been compromised. Capgemini, which generated over €22 billion in revenue in 2023, has been involved in high-value contracts with government agencies, such as a recent deal with the UK tax collector worth up to £574 million.
This breach raises concerns about the security measures in place at Capgemini and the protection of sensitive data belonging to both the company and its clients. With the increasing frequency of cyberattacks targeting businesses of all sizes, it is essential for organizations to prioritize cybersecurity and invest in robust defense mechanisms to safeguard against potential threats.
As the story continues to unfold, it is crucial for Capgemini to address the breach promptly, investigate the extent of the data exposure, and take necessary steps to prevent similar incidents in the future. The impact of this breach on the company’s reputation and relationships with clients remains to be seen, but rebuilding trust and ensuring data security should be top priorities for Capgemini moving forward.