Dive Brief:
- Deloitte, a top accounting firm, announced it experienced a "sophisticated hack" of private emails of "blue-chip clients", reports the Guardian. The firm was made aware of the hack in March, but it is believed the incident dates back to October or November 2016. It is also believed the attack was U.S.-targeted, but there are currently no details on those affected.
- The cyberattack infiltrated Deloitte's global email server through an "administrator's account" which authorized the hacker's entry to "all areas" of confidential information. The portal only required one password for complete access.
- The firm reportedly stores about five million emails in the Microsoft Azure cloud. The hacker may have also gained access to usernames, passwords, IP addresses and "architectural diagrams" for businesses, according to the Guardian.
Dive Insight:
The cyberattack is a significant blow to Deloitte's reputation as a "big four" firm that offers cybersecurity management to enterprise clients.
News of the attack follows Equifax's historic data breach, which compromised the data of 143 million U.S. consumers. However, it was the handling of the breach that left Equifax with numerous lawsuits and an FTC investigation. Equifax's CIO and CSO retired after it was revealed a patchable application was the point of access for the breach.
Researchers for Deloitte are currently working on the "electronic trail" of the hackers to find what material was accessed and how it is being used. The company claims only a small fraction of the five million emails are at risk.
Government authorities have been alerted and a review is taking place, a Deloitte spokesperson told the Guardian. The firm maintains its client businesses are proceeding without disruption following the disclosure, but due to the company's elite client base, the severity of the hack is still unknown.