Deloitte hit by cyber-attack revealing clients secret emails
https://www.theguardian.com/business/2017/sep/25/deloitte-hit-by-cyber-attack-revealing-clients-secret-emails
Deloitte hit by cyber-attack revealing clients secret emails
Nick Hopkins
Monday 25 September 2017 13.00 BST
One of the worlds big four accountancy firms has been targeted by a sophisticated hack that compromised the confidential emails and plans of some of its blue-chip clients, the Guardian can reveal. Deloitte, which is registered in London and has its global headquarters in New York, was the victim of a cybersecurity attack that went unnoticed for months.
One of the largest private firms in the US, which reported a record $37bn (£27.3bn) revenue last year, Deloitte provides auditing, tax consultancy and high-end cybersecurity advice to some of the worlds biggest banks, multinational companies, media enterprises, pharmaceutical firms and government agencies. The Guardian understands Deloitte clients across all of these sectors had material in the company email system that was breached. The companies include household names as well as US government departments. So far, six of Deloittes clients have been told their information was impacted by the hack. Deloittes internal review into the incident is ongoing.
The Guardian understands Deloitte discovered the hack in March this year, but it is believed the attackers may have had access to its systems since October or November 2016.
(snip)
The hacker compromised the firms global email server through an administrators account that, in theory, gave them privileged, unrestricted access to all areas. The account required only a single password and did not have two-step verification, sources said.
(snip)
The breach is believed to have been US-focused and was regarded as so sensitive that only a handful of Deloittes most senior partners and lawyers were informed.
(snip)