T-Mobile’s VM logs allegedly leaked in 20 GB Capgemini data breach
The attacker claims to have stolen databases, source code, credentials, private keys, as well as log files generated by virtual machines belonging to T-Mobile
A cyber criminal has claimed to have exfiltrated sensitive data, including T-Mobile’s virtual machine (VM) logs, from French IT services firm Capgemini.
According to a post on popular hacking message board BreachForums, the perpetrator – who goes by the name ‘greb’ – gained access to Capgemini’s network earlier this month.
The attacker claims they were able to steal 20 GB of data, including a number of databases, source code, private keys, employee information, threat reports, API keys, and credentials.
One of the data samples provided by greb appears to show log files allegedly generated by VMs belonging to T-Mobile.
If confirmed, this would mark the latest in a series of incidents where internal company information has been leaked following a supply chain breach. The news underlines growing security concerns around third party risk and supply chain attacks across the sector.
ITPro has approached T-Mobile for comment on this development. A spokesperson from T-Mobile US denied any of its data was affected in the alleged attack, stating the VM logs belong to a T-Mobile brand outside of the US.
Capgemini is a French multinational IT services and consulting company headquartered in Paris. The firm offers digital covering cloud, AI, cybersecurity, and engineering.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
The company’s market cap currently sits at $36.28 billion (£27.49 billion), making it the 560th most valuable company in the world according to market data, generating $22.5 billion (£17.05 billion) in revenue in 2023.
The firm recently won a UK government tender contract to run the HMRC’s legacy tax management systems until 2029, said to be worth up to $750 million (£568 million).
The contract to provide these services was opened up to offers after it was announced the software used for the current system, SAP ECC6.0, will exit mainstream support by the end of 2027.
Capgemini yet to confirm cyber intrusion
The breach has appeared on other dark web hacking forums posted by users under different monikers.
Notably, in one listing the attacker claimed they could have stolen more data during the period of unauthorized access to Capgemini’s network, but chose to only exfiltrate larger files.
A threat actor on a #Darkweb forum allegedly breached #CapGemini #France in September 2024, exposing 20GB of data, including Database, Source code, Private Keys, Credentials, API Keys, Projects, Employee Data, T-Mobile's VM logs, and more.Capgemini is a global IT services… pic.twitter.com/IyMUxZeTy9September 11, 2024
“They had more data but I decided to exfiltrate only big files, company confidential, terraform and many more.”
It is not clear if this post was made by the initial poster greb reposting their exploits to gain further publicity, which they could leverage for potential ransom negotiations, or other cyber criminals trying to exploit the breach for their own gain.
Capgemini is yet to confirm the authenticity of the data samples provided by the attacker, or whether they were the victims of a cyber attack earlier this month.
ITPro has approached Capgemini asking if it can confirm or deny the claims made by the alleged perpetrator, but has not received a response.
According to GDPR requirements, the firm has 72 hours after confirming it has suffered an attack to notify the relevant national data protection agency, in this case France’s Commission Nationale Informatique & Libertés (CNIL).
Solomon Klappholz is a Staff Writer at ITPro. He has experience writing about the technologies that facilitate industrial manufacturing which led to him developing a particular interest in IT regulation, industrial infrastructure applications, and machine learning.