Deloitte Data Breach Exposes Some Client Emails

Accounting giant Deloitte has suffered a data breach that exposed confidential emails about some of its biggest clients.

According to The Guardian, Deloitte discovered the hack in March but it is possible the perpetrators had access to its systems since October 2016.

The hackers reportedly gained access to email servers through an administrator account which required just one password and was not protected by two factor authentication.

The Debate: Do passwords have a role in the future of cybersecurity?

Deloitte hack

As many as five million Deloitte emails are stored on Microsoft’s Azure cloud platform, but the company said just a fraction were affected. It is claimed that the hackers had potential access user name, passwords and IP addresses, alongside attachments with potentially sensitive information.

An internal review team is investigating the breach but it is unclear who was behind it. Only a “handful” of the most senior partners were informed of the breach and some affected clients have been informed.

It is also believed the attack was focused on the US.

“In response to a cyber incident, Deloitte implemented its comprehensive security protocol and began an intensive and thorough review including mobilising a team of cybersecurity and confidentiality experts inside and outside of Deloitte,” a spokesman told The Guardian.

“As part of the review, Deloitte has been in contact with the very few clients impacted and notified governmental authorities and regulators.

“The review has enabled us to understand what information was at risk and what the hacker actually did, and demonstrated that no disruption has occurred to client businesses, to Deloitte’s ability to continue to serve clients, or to consumers.”

The breach is the latest in a number of high profile incidents, most notably one affecting US credit agency Equifax that impacts half the US population.

“Deloitte is a ripe target because of the company’s position right at the top of the corporate food chain,” said Tony Pepper, CEO of cybersecurity firm Egress. “They work with some of the biggest organisations on earth, at the very highest level, which is like a red rag to a bull for hackers.

“Whilst it hasn’t been confirmed exactly what was stolen, compromised mail servers can be a good source of sensitive information for an attacker, allowing them to siphon off message content and attachments.

Do you know all about security in 2017? Try our quiz!

Steve McCaskill

Steve McCaskill is editor of TechWeekEurope and ChannelBiz. He joined as a reporter in 2011 and covers all areas of IT, with a particular interest in telecommunications, mobile and networking, along with sports technology.

Recent Posts

AWS re:Invent Conference Welcomes Back Crowds

Over 27,000 attendees and members of the press (including Silicon) attend Amazon Web Services worldwide…

4 hours ago

Head Of Car Giant Stellantis Issues Electric Vehicle Cost Warning

The car manufacturing industry cannot sustain the costs from government demands to shift to electric…

5 hours ago

SpaceX’s Elon Musk Warns Of Bankruptcy Risk Over Engine Issue

SpaceX CEO Elon Musk warns of “disaster” concerning production of Starship Raptor engine that puts…

7 hours ago

Twitter To Remove Photos Tweeted Without Permission

Privacy overstep? Personal photos and videos of private individuals tweeted without the consent of the…

8 hours ago

Facebook Cryptocurrency Executive David Marcus To Leave

Executive in charge of Meta's cryptocurrency efforts, confirms he is leaving after seven years at…

10 hours ago

NY AG Seeks Overseer For Amazon Worker Safety

New York's attorney general asks US judge to appoint someone who will oversee worker safety…

10 hours ago