Deloitte cyber attack reportedly hit corporate, government clients

Deloitte offices

Deloitte offices

According to the report, Deloitte discovered the breach in March of this year.

Two-factor authentication requires a second level of authentication above and beyond a password - usually a code sent to a user's mobile phone, to ensure the person accessing the account is the intended user.

Deloitte, one of the world's largest private accountancy firms, manages clients such as a banks, publishers as well as government agencies and it is thought companies spanning the full range of Deloitte's clients could be at risk.

At least six of Deloitte's clients have been told their information was "impacted" by the hack that exposed some 5 million emails.

A spokesperson for Deloitte told the Guardian that in the course of implementing "its comprehensive security protocol", it found "that no disruption has occurred to client businesses, to Deloitte's ability to continue to serve clients, or to consumers".

Deloitte said in a statement that attackers accessed data from the company's email platform, confirming some details in a report by the Guardian. In 2012, research and advisory firm Gartner named Deloitte the best cybersecurity consultant in the world.

Natural disaster of magnitude 3.4 detected near North Korea's nuclear test site
Once North Korea obtains nuclear state status, it will try to negotiate with the US and South Korea for what it really wants. An natural disaster of magnitude 3.4 was detected in North Korea on Saturday, the Chinese quake administration said.

The Guardian - which first broke the story - says that the attack was focused on the USA side of Deloitte's operations, and data belonging to banks, multinationals, media enterprises, pharmaceutical firms and government agencies was included in the breach.

The team investigating the hack is understood to have been working out of the firm's offices in Rosslyn, Virginia, where analysts have been reviewing potentially compromised documents for six months.

This breach comes weeks after Equifax, the US credit monitoring agency, said the personal data of 143 million USA customers and 100,000 Canadian costumers had been accessed or stolen in a massive cyberattack in May.

The Equifax breach was discovered in July, but those potentially affected were notified only in mid-September 2017. The breach apparently stemmed from an administrator's account that was protected by a password and not two-step verification. "Their own experience with a simplistic breach of their Microsoft 365 infrastructure through an easy to access administrator account highlights how easy it is to overlook critical information stores".

Other data, such as business diagrams, were also compromised, and Deloitte's internal review is still ongoing.

Recommended News

We are pleased to provide this opportunity to share information, experiences and observations about what's in the news.
Some of the comments may be reprinted elsewhere in the site or in the newspaper.
Thank you for taking the time to offer your thoughts.