Deloitte Cyber Attack can Affect High-Profile Blue-Chip Clients
Major professional services firm Deloitte has been targeted by a cyber security attack and reports say that the attack could have led to the breach of the confidential emails and plans of some of the blue-chip clients of the company.
As per reports, Deloitte came to know of this breach a few months earlier, but the breach could have gone on unnoticed for months.
The Guardian reports- “Deloitte, which is registered in London and has its global headquarters in New York, was the victim of a cybersecurity attack that went unnoticed for months.” The report further says, “One of the largest private firms in the US, which reported a record $37bn (£27.3bn) revenue last year, Deloitte provides auditing, tax consultancy and high-end cybersecurity advice to some of the world’s biggest banks, multinational companies, media enterprises, pharmaceutical firms and government agencies…The Guardian understands Deloitte clients across all of these sectors had material in the company email system that was breached. The companies include household names as well as US government departments. So far, six of Deloitte’s clients have been told their information was ‘impacted’ by the hack. Deloitte’s internal review into the incident is ongoing.”
The hack reportedly was discovered in March, but it’s guessed that the attack could have started way back in October or November 2016. It’s also inferred that the hack was accomplished by compromising the firm’s email server through an administrator’s account. This would have given the hackers free access to all areas. The account that has been hacked reportedly didn’t have the two-step verification and required only a single password.
The Guardian reports that the cyber security attack, which is believed to have been US-focused, has provided the hackers not just the emails, but potential access to usernames, passwords, IP addresses, architectural diagrams for businesses and health information as well.
Deloitte seems to be regarding the issue as very sensitive and hence has reportedly kept only a handful of seniormost partners and lawyers informed. An internal inquiry, involving specialists, has also been initiated. The inquiry would try to map out exactly where the hackers went, by analyzing the electronic trail of the searches they had made. The specialists would also try to establish if it’s an individual, a business rival or state-sponsored hackers who were behind the attack.
It’s not yet evident as to how many of Deloitte’s clients have been affected due to the hack, but the company maintains that it’s just a small number of clients that have been hit. The Guardian report says, “Responding to questions from the Guardian, Deloitte confirmed it had been the victim of a hack but insisted only a small number of its clients had been impacted. It would not be drawn on how many of its clients had data made potentially vulnerable by the breach.” The report further adds “The Guardian was told an estimated 5m emails were in the ”cloud” and could have been accessed by the hackers. Deloitte said the number of emails that were at risk was a fraction of this number but declined to elaborate.”
The Deloitte attack is an addition to the list of high-profile cyber security hacks, including the Equifax hack, that have been reported in the recent weeks.
Julia Sowells374 Posts
Julia Sowells has been a technology and security professional. For a decade of experience in technology, she has worked on dozens of large-scale enterprise security projects, and even writing technical articles and has worked as a technical editor for Rural Press Magazine. She now lives and works in New York, where she maintains her own consulting firm with her role as security consultant while continuing to write for Hacker Combat in her limited spare time.