Deloitte hit by cyber security incident

Thursday, 28 Sep, 2017

One of the biggest accounting firm Deloitte found that it had been hacked in March and hackers got access to its systems.

Deloitte, of the biggest global accounting firms, suffered an attack that affected clients across sectors from auditing and tax consultancy to cybersecurity advice.

The firm conducted an enforced password reset in mid-October previous year, indicating that bosses were aware of the hack for some time, Krebs reported. But that might not be the case; any cybersecurity consultant, expert witness or attorney will say that no company is breach-proof. Deloitte works with many of the world's largest corporations as well as numerous government agencies in the U.S. Plus, the attack may eventually turn out to be wider in scope than initially thought. Only last week we learned about the Equifax security breach.

The Guardian described the breach as a "deep embarrassment" for the company in part because it advises clients on cybersecurity.

This month has seen the US Securities and Exchange Commission, Wall Street's top regulator and Equifax Inc, one of the largest credit-monitoring bureaus, report breaches that put at risk confidential filings and sensitive personal data.

In addition to the emails, which were stored in Microsoft Azure, allegedly being breached, the Guardian alleges that hackers may have also had access to usernames, passwords, IP addresses, architectural diagrams for businesses and health information.

According to The Guardian, Deloitte has informed six of their clients about the potential impact of the hack on their businesses, but the company has neither denied nor confirmed these claims when questioned by other media outlets. It has involved specialists trying to map out exactly where the hackers went by analysing the electronic trail of the searches that were made.

Krebs, however, cites sources close to Deloitte who suggest the hack was likely more severe than that.

Deloitte has been the subject of the latest major cybersecurity attack, with confidential information from some of its clients reportedly compromised.

In a survey of more than 1,000 IT professionals conducted by Keeper Security, 54% of respondents said negligent employees were the root cause of a data breach. The company did not name the clients, confirm the number of clients it had contacted or say what type of data was stolen.

So, if you're a business owner or just a regular person, enable two-factor authentication, two-factor verification - whatever you want to call it - anywhere that you can. In 2012, Deloitte was ranked #1 globally in security consulting based on revenue.