I stole 20 GB of data from Capgemini – and now I'm leaking it, says cybercrook

Updated A miscreant claims to have broken into Capgemini and leaked a large amount of sensitive data stolen from the technology services giant – including source code, credentials, and T-Mobile's virtual machine logs.

The French multinational IT and consulting firm did not immediately respond to The Register's request for comment, and has yet to formally confirm or deny the cyber-criminal's claims. We will update this story if and when a spokesperson replies to our inquiries. We had heard rumblings of a recent security breach at Capgemini, which earlier declined to comment on those rumors.

According to a BreachForums post today announcing the leak, a crook who goes by "grep" said they allegedly compromised Capgemini this month and swiped 20GB of data from the biz. This is said to include some databases, source code, private keys, credentials, API keys, projects, employee data, and other information.

In portions of the leaked information reviewed by The Register we could see lists of Capgemini employees with what looks like their names, email addresses, usernames, and password hashes. There were also what appeared to backup archives, and files related to Capgemini clients, including internal configuration details for their cloud infrastructure.

"They had more data but I decided to exfiltrate only big files, company confidential, Terraform, and many more," the thief wrote. As well as offering the stolen data to fellow forum users, grep also shared some select samples, including what's said to be T-Mobile VM logs. Screenshots of the allegedly stolen data posted on X appear to show customer info.

Capgemini generated more than €22 billion (about $24 billion) in revenue in 2023.

• Capgemini wins deal with UK tax collector worth up to £574M
• Capgemini to keep the legacy lights on at HMRC for £245.5M
• Transport for London confirms 5,000 users' bank data exposed, pulls large chunks of IT infra offline
• So you paid a ransom demand … and now the decryptor doesn't work

In July, the consultancy won a controversial UK government contract worth up to £574 million.

Under the lucrative deal, valued between £403 million and £574 million, Capgemini will run legacy tax management systems for His Majesty's Revenue and Customs until 2029.

Both of the services in the contract, Enterprise Tax Management Platform (ETMP) and Enterprise Operations (EOPS), run SAP ECC 6.0, a legacy system from the German software giant that exits mainstream support at the end of 2027. ®

Updated to add

For your information, spokespeople for T-Mobile US have been in touch to say its virtual machines weren't caught up in this leak.

"From what we can tell, we believe this may be a T-Mobile brand outside of the US," a representative told us.

We're happy to pass this on.