The attack on Deloitte was described as ‘sophisticated’ and may have compromised some blue-chip client information.
Deloitte, one of the biggest global accounting firms, has suffered an attack that affected clients across various sectors, from auditing and tax consultancy to cybersecurity advice.
It is believed that the breach is mainly affecting US-based clients.
What we know
How long ago was the initial hack?
The Guardian learned of the attack today (25 September) and so far, six of Deloitte’s clients have been informed by the firm that the breach has affected them. The attack was first discovered in March of this year but it is understood that the hackers may have had access to its systems for months before, possibly since October or November 2016.
How was the email server compromised?
Hackers apparently compromised the server by using an administrator’s account, which ostensibly gave them full, privileged access to the information stored on it. The account lacked the much-lauded two-step verification and required just a single password to gain entry. Emails had been stored in Microsoft’s Azure cloud storage service.
Did the hackers have access to anything else?
Those responsible may have been able to find IP addresses, health information, passwords and usernames, and business documents.
Who is analysing the hack?
The Guardian reported that the internal inquiry into the hack is called Windham, and the investigation team is carrying out operations in Rosslyn, Virginia.
What has Deloitte said?
“In response to a cyber incident, Deloitte implemented its comprehensive security protocol and began an intensive and thorough review, including mobilising a team of cybersecurity and confidentiality experts inside and outside of Deloitte,” a spokesperson said.
Another in a string of breaches
This cyberattack is another high-profile breach in what has been a string of serious compromises, from the Equifax incident to the recent disclosure from the SEC, which detailed hackers potentially using information to carry out insider trading.
This breach in particular is not ideal for the firm, as it has its own cybersecurity advisory service and offers consultations to clients on the subject of data protection.