NEW YORK–Deloitte—which provides cybersecurity consulting among its other services–has acknowledged it has been breached.
The company, which is among the world’s so-called “big four” accounting firms, said a sophisticated hack had obtained confidential emails from some of its biggest clients. Deloitte also provides auditing, tax consultancy and high-end cybersecurity advice to some of the world’s biggest banks, corporations and government agencies. It is believed that companies in all sectors have been effected.
According to Deloitte, it discovered in March of this year that it had been hacked, and it believes the hackers had been inside its systems since October or November of 2016. The hackers compromised the company’s global email server. According to a report in The Guardian, Deloitte discovered the hack in March this year, but it is believed the attackers may have had access to its systems since October or November 2016.
It is believed the hacker(s) compromised the firm’s global email server through an “administrator’s account.” The Guardian reported that the account required only a single password and did not have “two-step” verification.
According to The Guardian, emails to and from Deloitte’s 244,000 staff were stored in the Azure cloud service, which was provided by Microsoft.
In addition to emails, The Guardian said sources told it the hackers had potential access to usernames, passwords, IP addresses, architectural diagrams for businesses and health information. Some emails had attachments with sensitive security and design details, according to the report.