Capgemini boasts an impressive clients’ roster and says that 85 percent of the companies on the Forbes Global 2000 list are its customers.
A cybercriminal who calls themselves “grep” claims to have broken into Capgemini’s system and stolen 20GB of sensitive information, including databases, source code, credentials, and employee information, reports Cyber Insider.
T-Mobile‘s virtual machine logs, internal project files, and confidential information were also compromised during the data breach, which was first announced through a post on BreachForums. Samples provided by grep include SQL entries mentioning employee credentials and user permissions. The threat actor also siphoned off data on Capgemini employees.
A similar post was also made on a dark web forum, though it’s not clear whether it was authored by grep.
A hacker apparently managed to breach Capgemeni’s system. | Image Credit – cyberundergroundfeed on X
Grep says that they could have stolen even more data, but decided to only go for big, confidential files.
Capgemini hasn’t yet confirmed whether it was breached by hackers. Under the General Data Protection Regulation (GDPR), companies across the European Union, including France, must disclose data breaches within 72 hours of learning about them.
It’s not known whether T-Mobile has been alerted about the break-in and how much of its data was compromised during the breach. While T-Mobile may not be held directly responsible for not doing enough to prevent the data leak, it’s not going to be a good look for the company, which was fined $60 million earlier this year by the Committee on Foreign Investment in the United States (CFIUS) for not being able to prevent unaothorized access to sensitive data between August 2020 and June 2021 and not informing the committee about the issue promptly.
Meanwhile, customers awaiting a payout for the 2021 breach that impacted 76.6 million T-Mobile users will likely receive their share of the settlement fund as soon as matters delaying payments are officially resolved.