September 25, 2017

Deloitte Hit by ‘Sophisticated’ CyberAttack Revealing Client Emails

‘Big four’ accounting giant Deloitte has reportedly been the target of a sophisticated cyberattack in which hackers gained access to confidential emails and plans of its blue-chip clients.

According to the Guardian, Deloitte is the victim of a cybersecurity breach that went unnoticed for months. Deloitte, one of the world’s largest private firms with a reported $37 billion in revenue, provides consulting, auditing and tax consultancy services to some of the world’s biggest companies and banks.

An excerpt from the report reads:

The Guardian understands Deloitte clients across all of these sectors had material in the company email system that was breached. The companies include household names as well as US government departments.

So far, six of Deloitte’s clients have been told their information was “impacted” by the hack. Deloitte’s internal review into the incident is ongoing.

Deloitte reportedly learned of the hack in March this year, and it is believed that hackers may have had access to its internal systems since October or November 2016.

Deloitte’s global email server was compromised first, with the hacker reportedly gaining “access to all areas” through an administrator’s account. The hackers potentially had access to usernames, passwords, IP addresses and architectural diagrams.

According to Guardian sources, email accounts belonging to Deloitte’s 244,000 staff were only secured with a single password and did not have two-factor authentication (2FA).

“In response to a cyber incident, Deloitte implemented its comprehensive security protocol and began an intensive and thorough review including mobilising a team of cybersecurity and confidentiality experts inside and outside of Deloitte,” a Deloitte spokesman told the Guardian.

The cyberattack is particularly ironic given that Deloitte was ranked the ‘best cybersecurity consultant in the world’ in 2012.

For its part, Deloitte insists that it has been “in contact with the very few clients impacted” by the attack and has “notified governmental authorities and regulators.”

About the author

LIFARS is the global leader in Digital Forensics and Cyber Resiliency Services. Our experience spans two decades working on high profile events, often in concert with Law Enforcement Agencies around the world. Our proprietary methodology derives directly and indirectly from our experience working with and for U.S. Intelligence Agencies, Interpol, Europol, and NATO. We are solely dedicated to Cyber Resiliency and thus pay close attention to all aspects of our clients’ engagement experience while providing a strategic and integrated array of services to minimize risk and disruption while protecting your brand.