Akira Ransomware Claims It Stole 23GB from Apache OpenOffice

The Akira ransomware group claims to have breached Apache OpenOffice and stolen 23GB of data. Apache OpenOffice, for those unfamiliar, is a free and open-source office software suite developed by the Apache Software Foundation.

It includes tools similar to Microsoft Office, serving as a free alternative available on Windows, Linux, and macOS. The suite offers Writer for word processing, Calc for spreadsheets, Impress for presentations, Draw for graphics and diagrams, Base for databases, and Math for creating mathematical formulas.

As seen by Hackread.com, Akira claims the stolen data includes sensitive documents such as employee records containing physical addresses, phone numbers, driver’s licenses, social security cards, and credit card information.

Other allegedly stolen data includes financial records, internal confidential files, and what the group describes as “lots of reports about their problems with the application and so on.”

”We will upload 23 GB of corporate documents soon. Employee information (addresses, phones, DOB, driver’s licenses, social security cards, credit cards information and so on), financial information, internal confidential files, lots of reports about their problems with the application and so on,“ the group wrote on its dark web leak site.

Akira Ransomware group on its dark web leak site (Image credit: Hackread.com)

****Current Status****

At the time of writing, the Apache Software Foundation has not confirmed any breach of Apache OpenOffice systems or data. The listing remains unverified, and it is unclear whether Akira’s claim involves actual compromise or recycled information from previous incidents. Hackread.com has reached out to Apache for comment.

If confirmed, a breach of Apache OpenOffice could expose internal development data or contributor information, but users of the office suite are unlikely to be directly affected at this stage. The OpenOffice download infrastructure is separate from its development servers, so no public software distribution appears to be compromised.

****About Akira Ransomware Group****

Akira is a ransomware-as-a-service (RaaS) operation that first emerged in 2023. It has carried out hundreds of attacks across the United States, Europe and other regions, earning tens of millions of dollars in ransom payments.

Its tactics include double extortion, meaning stealing data and then encrypting systems, and it has variants for Windows, Linux/VMware ESXi. Bitdefender’s Threat Debrief report published in March 2025 found the Akira ransomware group hacking webcams of its victims.

The group communicates in Russian in dark web forums, and its ransomware checks for Russian language keyboard layouts to avoid attacking systems in Russian-speaking regions.

Nevertheless, OpenOffice users are advised to download Apache OpenOffice only from the official website and avoid third-party links shared on social media or forums. Until the Apache Software Foundation confirms details, there is no indication that end-user data or installations are affected.