Emails and more could be breached in possible Deloitte cyberattack
Deloitte has been the subject of the latest major cybersecurity attack, with confidential information from some of its clients reportedly compromised.
The London-registered, New York-based big four accountancy firm has had its email system breached, the Guardian reported, with the content of some emails - possibly including financial planning information of some of its blue-chip clients - said to be impacted.
It’s understood six of Deloitte’s clients have been informed that their information was involved, with the company undertaking an internal review.
The company apparently discovered the hack in March, although attackers could have had access to the email systems as far back as October 2016.
On top of the emails, the Guardian report suggests the hackers may have been able to access usernames, passwords, IP addresses, health information and architectural diagrams for business planning.
An administrative account was used by the attacker to gain unfettered access to the company’s cloud email service, hosted through Microsoft Azure, with the administrator’s account reportedly not having two-factor authentication turned on.
Two-factor authentication requires a second level of authentication above and beyond a password - usually a code sent to a user’s mobile phone, to ensure the person accessing the account is the intended user.
It’s understood the breach was focusses on the US, and Deloitte’s internal investigators were still not certain of who the attacker was, or whether it was a business, a state-sponsored hacker, or an individual.
The revelation comes weeks after details of a major security breach of credit reporting firm Equifax was reported.
That saw the credit and social security details of up to 143 million Americans, and a number of overseas individuals, potentially compromised.