Published: Thu, September 28, 2017
Economy | By Melissa Porter

Deloitte becomes the latest victim of cyber-attack

Deloitte becomes the latest victim of cyber-attack

The firm maintains its client businesses are proceeding without disruption following the disclosure, but due to the company's elite client base, the severity of the hack is still unknown.

News on the Deloitte hack came days after Securities and Exchange Commission Chairman Jay Clayton disclosed a 2016 cyber breach of a component of SEC's Electronic Data Gathering, Analysis and Retrieval system. Deloitte confirmed to The Guardian it was a victim of a hack but insisted only a few clients were hit.

On top of the emails, the Guardian report suggests the hackers may have been able to access usernames, passwords, IP addresses, health information and architectural diagrams for business planning. Deloitte's internal review into the incident is ongoing.

Look for more information to trickle out in coming days from the company, but also in the form of leaks from the security community and beyond. The team is said to be working out of the Rosslyn, Virginia office. Only if you get the security basics right - like implementing multi-factor authentication - will your security posture stand the test of time. It reported global revenue of almost $39 billion in its latest fiscal year, and risk advisory was one of its fastest growing business segments. "They accessed the entire email database".

The breach is believed to have been US-focused and was regarded as so sensitive that only a handful of Deloitte's most senior partners and lawyers were informed.

"It wasn't a small amount of emails like reported". This account is likely to have had a weak password and has compromised a large number of client information. "But we never notified our advisory clients or our cyber intel clients". "Their own experience with a simplistic breach of their Microsoft 365 infrastructure through an easy to access administrator account highlights how easy it is to overlook critical information stores".

This same source said forensic investigators identified several gigabytes of data being exfiltrated to a server in the United Kingdom.

The company said it would continue to evaluate the matter and take additional steps as required. Additionally, the company said it contacted governmental authorities immediately after it became aware of the incident, and that it contacted each of the "very few clients impacted".

iTWire has contacted the local Deloitte branch for comment.

The attack was said to have been discovered earlier this year, according to the report, and client information was leaked. The news is a major black eye for one of the world's "big four" accountancy and consulting firms-especially since a major part of Deloitte's business is selling cyber security.

Like this: