Published: Tue, September 26, 2017
Sci-tech | By Jackie Newman

Deloitte hit by major cybersecurity breach

Deloitte hit by major cybersecurity breach

A CYBER attack has reportedly hit accounting giant Deloitte with hackers alleged to have stolen the passwords, emails and personal details of clients.

Deloitte's internal investigation into the incident is still ongoing, but the Guardian says that the breach is thought to have begun around October or November 2016. The account itself was protected with a single password and did not have multi-factor authentication setup, The Guardian reported.

The company said in a statement that "very few clients" were affected by the attack, which was reportedly discovered in March.

It said the review had found "only a very few clients" had been affected. The hackers had access to up to 5 million sensitive emails and documents of its clients.

"The review has enabled us to understand what information was at risk and what the hacker actually did, and demonstrated that no disruption has occurred to client business, to Deloitte's ability to continue to serve clients, or to consumers", the spokeswoman said, according to Reuters.

Last week, several small businesses in the United States filed a class-action lawsuit against credit rating firm Equifax, representing millions of others affected by the breach of personal data, which included names, dates of birth, email addresses and telephone numbers.

US bombers stage North Korea show of force
Pyongyang conducted its sixth and largest nuclear test on September 3 and has threatened to test a hydrogen bomb over the Pacific. Trump called the North Korean leader a "madman" on Friday, a day after Kim dubbed him a "mentally deranged USA dotard".

Attackers also got access to other account credentials, IP addresses, sensitive email attachments, and "architectural diagrams for businesses and health information", the report said.

The cyberattack focused on the USA operations of the company, which provides auditing, tax advice and consultancy to multinationals and governments worldwide, the report said.

Sources also said that in late April, it hired law firm Hogan Lovells to review "a possible cybersecurity incident", in tandem with the firm's own internal review, which it code-named Windham.

"We remain deeply committed to ensuring that our cybersecurity defences are best in class, to investing heavily in protecting confidential information and to continually reviewing and enhancing cybersecurity". According to the Guardian, the breach has been kept under wraps since it was noticed by administrators in March.

It's understood the breach was focusses on the USA, and Deloitte's internal investigators were still not certain of who the attacker was, or whether it was a business, a state-sponsored hacker, or an individual. The team is said to be working out of the Rosslyn, Virginia office.

Like this: