A sophisticated hack has targeted one of the world’s “big four” accountancy firms – Deloitte – it surfaced.
Confidential emails and plans of some of the company’s blue-chip clients were compromised in the attack.
The cyber-security attack went unnoticed for months, the Guardian reported.
Deloitte – one of the largest private firms in the US – provides auditing, tax consultancy, and high-end cyber-security advice to some of the world’s biggest banks, multinational companies, media enterprises, pharmaceutical firms, and government agencies.
Deloitte clients across all of these sectors had material in the company email system that was breached. The companies include household names as well as US government departments.
So far, six of Deloitte’s clients have been told their information was “impacted” by the hack. An internal review of the incident is underway.
According to The Guardian, Deloitte discovered the hack in March this year, but the attackers may have had access to its systems since October or November 2016.
The hacker’s obtained privileged, unrestricted “access to all areas” after the firm’s global email server was compromised through an “administrator’s account.”
The account required only a single password and did not have “two-step” verification, sources said.
Emails to and from Deloitte’s 244,000 staff were stored in the Azure cloud service, which was provided by Microsoft.
In addition to emails, the hackers had potential access to usernames, passwords, IP addresses, architectural diagrams for businesses and health information, with some emails having attachments with sensitive security and design details.
The breach is believed to have been US-focused and was regarded as so sensitive that only a handful of Deloitte’s most senior partners and lawyers were informed.
It has yet to establish whether a lone wolf, business rivals or state-sponsored hackers were responsible.