Deloitte hit by cyberattack

Deloitte hit by cyberattack
© Getty Images

Deloitte was hit with a cyberattack that allowed hackers access to company emails and possibly confidential client information, the Guardian reported Monday.  

A spokesman for the firm confirmed to The Hill in an email that Deloitte suffered a "cyber incident," saying that an attacker accessed data from an email platform. The company, which conducted a review of the breach, said that "very few clients were impacted" and concluded that "no disruption has occurred to client businesses, to Deloitte’s ability to continue to serve clients, or to consumers."

According to the Guardian, the hack was discovered in March, but hackers potentially had access to the company’s systems as far back as October or November of 2016 — meaning the access went undetected for as many as six months.

ADVERTISEMENT
Hackers are said to have compromised the company’s system through an administrator account, which was secured by a password but did not have two-factor authentication in place. 

According to the Guardian, some Deloitte clients, including major companies and U.S. government entities, had information in the firm’s email system at the time of the breach. 

Hackers potentially had access to 5 million emails stored in the company’s Azure cloud, which is managed by Microsoft. The breach may also have offered hackers access to usernames, passwords, IP addresses, business diagrams and other sensitive information.

The global company, which is based in New York, provides consulting, financial advisory, risk management, tax and other services to clients around the world, including major banks, companies and U.S. government departments and agencies. 

A Deloitte spokesman said that the company implemented a "comprehensive security protocol" and initiated "an intensive and thorough review which included mobilizing a team of cyber-security and confidentiality experts inside and outside of Deloitte" after detecting the data breach. The company also said that it immediately notified government authorities and contacted each of the "very few clients impacted," but did not give a number or details on those affected.

"Deloitte remains deeply committed to ensuring that its cyber-security defenses are best in class, to investing heavily in protecting confidential information and to continually reviewing and enhancing cyber security," a company spokesman said. 

Six clients have reportedly been notified that their information was affected by the breach.

News of the hack comes two weeks after credit reporting firm Equifax acknowledged a breach that may have affected up to 143 million Americans, an incident that has put the spotlight on cyber threats to major private sector entities.

This post was updated at 12:42 p.m.