After reports that two of the big-three consumer credit agencies, Equifax and Experian, were hit by a major security breach, reports have now surfaced that one of the big-four accountancy firms, Deloitte, was breached the previous year, affecting all of its data.
The origin of the attack is still unclear.
Deloitte, which is considered one of the Big Four companies in global accounting services, might have been breached nearly a year ago, although it only learned of the breach in March.
The company has not yet revealed which companies might have been affected. Reports suggest Deloitte learned of the breach in March, but its systems could have been vulnerable since October 2016.
The accounting and advisory firm was the victim of a cyber attack nearly a year ago, and only now are clients finding out about it.
The company's newly formed security team is working from its branch office in Rosslyn, Virginia, and has already initiated an internal investigation code-named Windham. "An administrative account was leveraged to gain access to Deloitte's email system."
Sources said that if the hackers had been unable to cover their tracks, it should be possible to see where they went and what they compromised by regenerating their queries. If details in the Guardian's report are true, Deloitte failed to deploy elementary security measures such as requiring two-factor authentication. The firm, for its part, claims that data accessed by the hackers will in no way impact the company's business or its cyber security.
Six clients have been told their information was "impacted" by the breach, according to the Guardian. This review will include a team of cybersecurity and information experts from both within the company and outside it.
The firm did not confirm the names or number of clients affected, but the Guardian reported that six clients have been contacted so far.
It is the latest big-name organisation to be cracked by hackers in an attack that has exposed its entire email system.
At this point, though, it might be too early to estimate exactly what damage has been done.
Companies like Deloitte, which offers audit, tax consulting, technology consulting and cybersecurity services, are a tantalizing vector of attack for hackers looking to get information on their clients, especially given the deep technical integration and company information required for things like consulting and managed services.