Skip to main content
close search
site logo
Dive Brief

Deloitte reportedly suffered hack during email migration to Office 365

Published Oct. 11, 2017
Samantha Schwartz's headshot
Samantha Schwartz Reporter
Flickr: DeloitteToronto3 / Edited by CIO Dive

Dive Brief:

  • Deloitte's disclosure of its "sophisticated hack" last month is reportedly worse than first revealed, according to The Guardian. The hack allegedly exposed a server holding emails of about 350 clients including the U.S. Departments of State, Energy, Homeland Security and Defense.
  • The attack reportedly occurred during Deloitte's email migration and upgrade from an onsite system to Microsoft's cloud software, Office 365. Sources told The Guardian that the hackers infiltrated Deloitte's system using its email platform through a single password portal.
  • As of now, Deloitte cannot be "100% sure what was taken" by the hackers, according to the report, but Deloitte claims only six of its clients had information compromised. Other impacted organizations include the U.S. Postal Service, the United Nations, the National Institutes of Health, Frannie Mae and Freddie Mac and soccer's FIFA.

Dive Insight:

Deloitte originally claimed the attack had been reserved to a small portion of its clients' five million emails and occurred in either October or November 2016, according to an initial report. The hack is believed to have compromised data including usernames, passwords, IP addresses and "architectural diagrams" of partnered organizations.

Multi-factor authentication is the extra level of security Deloitte needed to avoid such an attack. Unsecure portals to classified information is the gateway hackers look to exploit the most. The security firm has since implemented more multi-factored authorization and encryption features.

Still, Deloitte's failings are an embarrassment for the consulting firm, especially following Equifax's mass data breach last month. However, companies are now concerned with the security of their partnered third-party vendors, although they are worth the risk

Savvy hackers are exploiting platforms used by companies like Deloitte. Cloud vendors, such as those used by Verizon and the WWE, both suffered exposed data after storage controls were left unsecure. While the responsibility ultimately falls on the impacted company, vigilant watch over potential data access points is needed in IT departments. 

Recommended Reading

Filed Under: Security

Editors' picks

Company Announcements

View all | Post a press release
DigiCert Welcomes Lakshmi Hanspal as New Chief Trust Officer
From DigiCert
October 24, 2024
TrustNet Named 2024’s Best Compliance Advisory and Audit Firm at CDM’s Annual Top InfoSec Inno…
From TrustNet
November 06, 2024
truCX Launches Groundbreaking Partner Portal, Empowering CX Consultants and Trusted Advisors w…
From truCX
October 30, 2024
Celonis AgentC: Making AI Agents Work for the Enterprise with Process Intelligence
From Celonis
October 23, 2024
Editors' picks
Latest in Security
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell