Just when you thought that the “big four” accountancy firm were safe you find out that one of the biggest has been hacked by a sophisticated cyber attack.
The big global tax and auditing firm that reported a record $49.4Billion (AUD) revenue last year, suffered a strong cyber attack that reulted in the theft of critical confidential information which included the private emails and documents of it’s clients. Deloitte, who is known for confidentiality, Said Monday that it’s system had been accessed via an email platform from October last year through this past March and that “very few” of it’s clients had been affected, the Guardian reports.
Deloitte discovered the cyber attack in March, but it believes that the unknown attackers may have had access to it’s email system since October or November 2016. It’s believed that Hackers managed to gain access to the Deloitte email server through an unsecured administrators account using two-factor authentication (2FA), granting the attacker unrestricted access to Deloitte’s Microsoft-hosted mailboxes.
“In response to a cyber incident, Deloitte implemented its comprehensive security protocol and began an intensive and thorough review including mobilising a team of cybersecurity and confidentiality experts inside and outside of Deloitte,” a Deloitte spokesperson told the newspaper.
“As part of the review, Deloitte has been in contact with the very few clients impacted and notified governmental authorities and regulators.“
Deloitte has become the latest of the victim of the high-profile cyber attack. Just last month, Equifax publicly disclosed a breach of its systems that exposed personal data of as many as 143 million US customers.
Deloitte’s internal investigation into the cyber incident is still ongoing, and the firm has reportedly informed only six of it’s clients that their information was “Impacted” by the breach.