Deloitte, one of the ‘big four’ accountancy firms, is the latest victim of a massive cyber attack. Confidential emails and “plans of some of its blue-chip clients” were compromised, according to a Guardian report, which also revealed that the attack went unnoticed for months.
The attackers infiltrated the global email server through an ‘administrator’s account’, which may mean that they had access to all areas of the server, including the restricted ones. Reports suggest that the company discovered the attack in March earlier this year, but the perpetrators may have penetrated the systems as far back as October 2016. The company has set up an internal review bench to investigate the incident.
Sources have revealed that the account required only a single password to log in and was not protected by a two-step verification process. “Emails to and from Deloitte’s 244,000 staff were stored in the Azure cloud service, which was provided by Microsoft (…) In addition to emails, the Guardian understands the hackers had potential access to usernames, passwords, IP addresses, architectural diagrams for businesses and health information. Some emails had attachments with sensitive security and design details,” the report suggested.
The company has also yet to identify the actor, who may have been a rogue hacker, a rival organization, or a state-sponsored group. Sources have revealed that the hackers weren’t able to cover their tracks, and that reverse-engineering the intrusion may help investigators understand the path the attacker took.
The first sign of trouble came when Deloitte hired US law firm Hogan Lovells on “special assignment” to review “a possible cybersecurity incident” earlier this year. Deloitte confirmed to the Guardian that the accounting firm had been a victim of a cyber attack, but “only a small number of its clients had been ‘impacted.’ It would not be drawn on how many of its clients had data made potentially vulnerable by the breach.”
Reports also suggest that an estimated five million emails in the cloud were accessed by the attacker or attackers, while Deloitte sternly stated that the emails at risk were only a fraction of this number.
“In response to a cyber incident, Deloitte implemented its comprehensive security protocol and began an intensive and thorough review including mobilising a team of cybersecurity and confidentiality experts inside and outside of Deloitte,” a spokesman said. “As part of the review, Deloitte has been in contact with the very few clients impacted and notified governmental authorities and regulators. The review has enabled us to understand what information was at risk and what the hacker actually did, and demonstrated that no disruption has occurred to client businesses, to Deloitte’s ability to continue to serve clients, or to consumers. We remain deeply committed to ensuring that our cybersecurity defences are best in class, to investing heavily in protecting confidential information and to continually reviewing and enhancing cybersecurity. We will continue to evaluate this matter and take additional steps as required. Our review enabled us to determine what the hacker did and what information was at risk as a result. That amount is a very small fraction of the amount that has been suggested.”