Deloitte Confirms Data Breach
One of the world’s largest accounting firms, Deloitte, has confirmed that a cyber attack resulted in the theft of some its clients’ confidential emails.
Hackers gained access to the system by using an administrator’s account, which may have given the criminals full access to the cloud storage system that holds emails, documents and contact information. Deloitte uses Microsoft’s Azure cloud storage, which is similar to Amazon Web Service and Google’s Cloud Platform.
Deloitte, which handles audits and offers tax and financial advice for individuals, governments and Fortune 500 companies, has not disclosed how many clients were affected, but the company has said it has contacted anyone whose data was accessed. The company insists only a small number of clients were impacted. Over five million emails were stored on the server.
While the attack was uncovered in March, the Guardian reported it may have taken place in October or November of last year.
Ironically, Deloitte offers cybersecurity advice that has, in the past, been ranked as some of the best in the world. Yet, the administrator’s account required just a simple log-in instead of the preferred two-step verification process.
In response to the attack, Deloitte said in a statement that it is “implementing its comprehensive security protocol and initiating an intensive and thorough review which included mobilizing a team of cyber-security and confidentiality experts inside and outside of Deloitte” and has notified the appropriate law enforcement and governmental authorities.