Apache Software Foundation denies Akira ransomware breach claims

The Apache Software Foundation has rejected claims made by the Akira ransomware group that its OpenOffice project suffered a cyberattack resulting in the theft of 23 gigabytes of corporate documents and employee data.

Apache OpenOffice, a widely used free and open-source office suite offering word processing, spreadsheet, presentation, graphics, and database tools, is maintained by the non-profit foundation and supported by a global network of volunteers. The software is compatible with major formats, including Microsoft Word and Excel, and operates across multiple platforms.

On October 30, the Akira ransomware gang listed Apache OpenOffice on its data leak site, alleging that it had stolen extensive employee and financial information, internal reports, and other confidential materials. The post claimed the stolen data included personal identifiers such as driver’s licenses, Social Security numbers, and credit card details.

The Apache Software Foundation said it found no basis for the claims and stated that no ransom demand had been made. The organization emphasized that it does not store or maintain the type of sensitive data described in the alleged leak.

“The Apache Software Foundation takes the security of our projects very seriously and is currently investigating this claim. There has been no reported ransom demand to the Foundation or the Apache OpenOffice project at this time,” the Foundation stated. “Since Apache OpenOffice is an open-source software project, none of our contributors are paid employees for the project or the Foundation, so we don’t even possess the set of data described in the claim.”

The Foundation added that OpenOffice development occurs in an open and transparent environment through public mailing lists, making bug reports and feature discussions visible to anyone. It further noted that, based on its review, the claim does not appear to target Apache OpenOffice’s infrastructure.

As of now, the Foundation’s investigation has found no indication of a breach, and the organization has not engaged law enforcement or external cybersecurity experts. The Akira ransomware group has yet to release any of the data it claimed to possess. At present, there is no evidence that the Apache Software Foundation or its OpenOffice systems were compromised.