The Guardian reported on 25th September that the consulting firm Deloitte was struck by a cyberattack which might have exposed the emails of its corporate and government officials. Deloitte revealed the hack in March, but the hackers might have had access to the company's systems as far back as October.
The attack is among a series of hacks against key organizations during the last few months, with breaches striking the credit agency Equifax and the Securities and Exchange Commission. Deloitte is one of the “big four” accounting organisations, which offer tax, audit and advisory services to large corporations globally. It reported almost $39 billion in revenue globally during its latest financial year, and risk advisory was one of its fastest growing business segments. Its competitors include EY, PwC and KPMG.
The Guardian reported on Monday that the hack compromised “confidential plans and emails of some of its blue-chip clients” but the breach was not noticed for months. It reported that six clients were informed that their information was “impacted.”
Reuters.com reported on September 25th, 2017, that the breach at Deloitte, which says its customers include 80 percent of the Fortune 500, is the latest in a series of breaches involving organizations that hold sensitive financial data, breaches which have distressed regulators, lawmakers and consumers.
The attackers initially gained access to Deloitte's email server through an admin account which gave them unlimited access to the network. The Guardian reported that the account itself was protected with a single password and did not have multi-factor authentication set up. The emails were stored in Microsoft Azure. Around 5 million emails were said to have been stored in the cloud at the time of the compromise, but Deloitte told The Guardian that only a small portion were actually at risk.
Deloitte appointed law firm Hogan Lovells back in April to start looking into the hack. At the time of writing, an internal review is still in progress. Deloitte has a “CyberIntelligence Centre” to provide clients with “round-the-clock business focused operational security”.
The company confirmed that it had gone through a “comprehensive security protocol” and thoroughly reviewed the hack. It also contacted authorities immediately after it found out about the incident and contacted every affected client.