Deloitte Hit By Sophisticated Cyber Attack
25 September 2017 15:51
With the dust barely having settled since the Equifax data breach only a couple of weeks ago, one of the world's "big four" accountancy firms, Deloitte, has suffered a cyber attack that has compromised confidential data, the company has confirmed.
Attackers had accessed data from the company’s email platform, the company said in a statement, confirming a report by the Guardian newspaper. The attack had been discovered in March this year but could have occurred as early back as October 2016.
The hacker compromised the firm’s global email server through an “administrator’s account” that, in theory, gave them privileged, unrestricted “access to all areas”. The account required only a single password and did not have “two-step“ verification, sources said.
Emails to and from Deloitte’s 244,000 staff were stored in the Azure cloud service, which was provided by Microsoft. This is Microsoft’s equivalent to Amazon Web Service and Google’s Cloud Platform.
In addition to emails, the Guardian understands the hackers had potential access to usernames, passwords, IP addresses, architectural diagrams for businesses and health information. Some emails had attachments with sensitive security and design details.
Deloitte said it had contacted those whose data had been accessed, although they have not yet confirmed exactly how many people had been affected or how much information had been compromised. Although, it's believed the attack was focused on the U.S operations of the company.
The company have stated that it had implemented its comprehensive security protocol and began an intensive and thorough review including mobilizing a team of cyber-security and confidentiality experts inside and outside of Deloitte.
The firm said it contacted government authorities immediately after it became aware of the incident.