In a deep embarrassment to Deloitte, which was ranked as the best cybersecurity consultant in the world in 2012, the accountancy firm fell victim to a cyberattack recently. It was one of the world’s four big accountancy firms that were targeted by hackers, The Guardian reported.
Deloitte, which has its global headquarters in New York, provides its service to some of the world’s biggest companies, and in 2017 it reportedly raked in revenues of $37 billion. The cyberattack, which went unnoticed for six months, gave full access to Deloitte’s client’s emails through an administrator’s account, which required only a single password, the report added.
An estimated 5 million emails were stored on the cloud with sensitive security and design details, all of which could have been accessed by the hackers. So far, only six clients have been notified about the data breach, but Deloitte refused to reveal the identity of the clients.
It is also believed that hackers had “usernames, passwords, IP addresses, architectural diagrams for businesses, and health information.”
The investigating team hasn’t been able to figure out whether it was a lone wolf, business rival, or a state sponsored attack, but the hackers can be traced if they haven’t covered their tracks.
The Guardian quoted a Deloitte spokesperson as saying:
In response to a cyber incident, Deloitte implemented its comprehensive security protocol and began an intensive and thorough review, including mobilising a team of cybersecurity and confidentiality experts inside and outside of Deloitte.
(At The Quint, we are answerable only to our audience. Play an active role in shaping our journalism by becoming a member. Because the truth is worth it.)