The Akira ransomware gang claims to have stolen 23 GB of internal and personal data from Apache OpenOffice, but the Apache Software Foundation maintains that such data does not exist within its open source development structure.
The Apache Software Foundation (ASF) has disputed claims by the Akira ransomware gang, which alleged on 30 October that it had breached the Apache OpenOffice project and extracted 23 GB of sensitive data. The group claimed the stolen material included employee information, financial records, confidential internal files, and reports relating to software issues.
Akira’s leak site stated:”We will upload 23GB of corporate documents soon. Employee information (addresses, phones, DOB, driver licenses, social security cards, credit cards information and so on), financial information, internal confidential files, lots of reports about their problems with the application and so on.”
However, the ASF has stated that no such data exists within the OpenOffice project. An ASF spokesperson noted:”The Apache Software Foundation takes security of our projects’ software very seriously, and we are currently investigating this claim. There has been no reported ransom demand to the Foundation or the Apache OpenOffice project at this time.”
They further added that the structure of the project makes the claims implausible:
“Since Apache OpenOffice is an open source software project, none of our contributors are paid employees for the project or the foundation, so we don’t even possess the set of data described in the claim.”
The Foundation emphasised that development takes place publicly: “Because OpenOffice is developed in an open and transparent manner on our developer mailing lists, all concerns about bugs and feature requests are already public.”
No evidence of a breach has been found, no ransom has been demanded, and no leaked data has appeared to date. The incident highlights how open-source transparency reduces both attack surface and extortion leverage.
