Excerpt from ITPro Article, Published on Sep 16, 2024.
A cybercriminal has allegedly breached Capgemini’s network, exfiltrating 20 GB of sensitive data, including T-Mobile’s virtual machine (VM) logs. The breach was first reported on the BreachForums message board by a hacker named ‘greb,’ who claimed to have accessed databases, source code, private keys, employee information, threat reports, API keys, and credentials. One of the samples provided reportedly shows log files generated by T-Mobile VMs. This incident underscores growing concerns about third-party risks and supply chain attacks.
While T-Mobile has stated that no U.S. data was affected, and the VM logs are linked to a non-U.S. brand, Capgemini has yet to confirm the intrusion. The attack raises serious questions about cybersecurity in the IT services sector. Despite being a major player in digital transformation, Capgemini now faces scrutiny over its security measures.
The breach highlights the importance of securing sensitive client information, especially in light of GDPR requirements that mandate notification within 72 hours of confirming an attack. With a market cap of $36.28 billion, Capgemini serves numerous clients across various industries, making the data breach a significant concern. The company’s recent win of a UK government contract for managing legacy tax systems adds to the gravity of this situation.
As Capgemini investigates the incident, the breach serves as a reminder of the need for robust cybersecurity practices to protect against unauthorized access and data theft, especially for firms handling sensitive information for global clients.
To delve deeper into this topic, please read the full article on ITPro.