September 25, 2017

Deloitte cyber-attack reveals blue-chip client details – report

Hacker allegedly breached the company's emails last year.

By James Nunns

Accountancy firm Deloitte has reportedly been hit by a cyber-attack that’s resulted in secret client emails being revealed.

According to The Guardian, a “sophisticated hack that compromised the confidential emails and plans of some of its blue-chip clients” went unnoticed by the firm for months.

The report says that Deloitte’s customers across the banking sector, media, pharmaceuticals, and government firms all had material in the email system that was breached.

According to the report, six of Deloitte’s clients have been told that their information has been impacted by the hack.

The Guardian said that the hacker may have had access to the system as far back as October or November, with Deloitte only discovering it in March.

Sources told the publication that an “administrator’s account” is believed to have been accessed, which gave the hacker “in theory” broad access to all areas.

In addition to the alleged breach of the emails, which were stored in Microsoft Azure, the Guardian alleges that hackers may also have had access to usernames, passwords, IP addresses, architectural diagrams for businesses and health information.

An internal enquiry, codenamed “Windham”, is said to be underway, and a US law firm called Hogan Lovells was hired back on April 27th under “special assignment” to review a “possible cybersecurity incident.”

Deloitte confirmed to the Guardian that it had been hacked, but played down how many clients may have been impacted.

“In response to a cyber incident, Deloitte implemented its comprehensive security protocol and began an intensive and thorough review including mobilising a team of cybersecurity and confidentiality experts inside and outside of Deloitte,” a spokesman said.

“As part of the review, Deloitte has been in contact with the very few clients impacted and notified governmental authorities and regulators.

“The review has enabled us to understand what information was at risk and what the hacker actually did, and demonstrated that no disruption has occurred to client businesses, to Deloitte’s ability to continue to serve clients, or to consumers.

“We remain deeply committed to ensuring that our cybersecurity defences are best in class, to investing heavily in protecting confidential information and to continually reviewing and enhancing cybersecurity. We will continue to evaluate this matter and take additional steps as required.

“Our review enabled us to determine what the hacker did and what information was at risk as a result. That amount is a very small fraction of the amount that has been suggested.”

Javvad Malik, security advocate at AlienVault, said: “The unfortunate incident demonstrates that even the largest of organisations can sometimes overlook fundamental security practices such as not enabling two-factor authentication on administrative accounts.”

“It also highlights the importance of ongoing monitoring and threat detection so that any malicious activity can be detected and responded to in a timely manner.”
