According to The Guardian, Deloitte, one of the world’s “Big Four” accounting firms, was hit by a cyberattack that exposed clients’ private information, such as emails and other confidential plans. So far, Deloitte says only six of its clients have been told their information was exposed by the hack. Deloitte is conducting an internal investigation.
In addition to emails, it was also reported that the hackers potentially had access to usernames, passwords, IP addresses, architectural diagrams for businesses, and health information. Some emails had attachments with sensitive security and design details.
Deloitte is one of the largest private firms in the world. The company brought in $37 billion in revenue in 2016. The company offers services to consumers such as auditing and tax consultancy, including what Deloitte calls its high-end cybersecurity advice to banks, enterprises, and even government agencies.
Deloitte discovered the hack in March this year, but it is believed the attackers may have had access to its systems for almost a year, since October or November 2016.
The hackers targeted the firm’s email server through an administrator's account, which gave them access to all data and files. Sources also reported that the account had no “two-step” verification process and was protected only by a single password.
Emails and other client information are stored in Azure, the cloud service provided by Microsoft. Much more information within the cloud system could have been compromised, but this has not yet been revealed.
“In response to a cyber incident, Deloitte implemented its comprehensive security protocol and began an intensive and thorough review including mobilising a team of cybersecurity and confidentiality experts inside and outside of Deloitte,” a spokesman said. “As part of the review, Deloitte has been in contact with the very few clients impacted and notified governmental authorities and regulators.”
Deloitte has a “CyberIntelligence Centre”, which keeps clients up to date and maintains constant surveillance of cybersecurity. Previously, Deloitte was also ranked the best cybersecurity consultant in the world.
It has not been confirmed whether a single hacker or a group was responsible, or what the exact motives for the attack were.