The Akira ransomware group announced on October 29, 2025, that it had compromised the systems of Apache OpenOffice, claiming to have stolen 23 gigabytes of confidential corporate information. Known for its double-extortion tactics, Akira revealed details of the alleged breach on its dark web site, warning that it would publish the stolen files unless a ransom was paid. The incident highlights the growing threat posed to open-source and non-profit software organizations amid increasingly sophisticated cyberattacks.

Apache OpenOffice, developed under the Apache Software Foundation, is one of the world’s most widely used free office productivity suites. It provides alternatives to commercial tools like Microsoft Office, featuring applications such as Writer for documents, Calc for spreadsheets, Impress for presentations, Draw for graphics, Base for databases, and Math for formulas. Supporting over 110 languages and available on Windows, Linux, and macOS, OpenOffice serves millions of users globally, including schools, small businesses, and community organizations. Fortunately, current reports suggest that public download servers remain unaffected, meaning user installations appear safe at this time.

According to Akira’s dark web post, the exfiltrated data allegedly includes personally identifiable information (PII) of employees—such as home addresses, phone numbers, birth dates, driver’s licenses, Social Security numbers, and financial details. The hackers also claim to have taken internal files, financial reports, and documentation related to software bugs and development issues. The group stated, “We will upload 23 GB of corporate documents soon,” emphasizing the scale and depth of the breach.

As of November 1, 2025, the Apache Software Foundation has not publicly verified or denied the intrusion. Representatives have refrained from commenting, and independent analysts have yet to confirm the authenticity of Akira’s claims. Cybersecurity experts caution that if the data is genuine, it could facilitate identity theft, phishing attacks, and further exploitation of affected individuals, although OpenOffice’s open-source nature limits potential damage to its codebase.

Emerging in March 2023, Akira operates as a ransomware-as-a-service (RaaS) group and has accumulated millions of dollars in ransom payments from victims across the United States, Europe, and other regions. The group typically steals sensitive data before encrypting systems, targeting both Windows and Linux/ESXi environments. In some cases, it even uses compromised webcams to intimidate victims. Communication traced to Russian-language forums suggests the gang avoids attacking systems configured with Russian keyboards, hinting at a geopolitical bias.

This alleged breach comes amid a surge in ransomware attacks on open-source projects, sparking renewed discussions about the need for stronger security frameworks in volunteer-driven ecosystems. Organizations using Apache OpenOffice are encouraged to review access controls, monitor network activity, and maintain isolated backups. As the cybersecurity community waits for further confirmation, the Akira listing continues to raise concerns about the vulnerability of collaborative software projects in today’s threat landscape.