Following on the heels of the massive theft of some 143 million consumers’ information from Equifax, one of the world’s largest accounting firms has confirmed that it is the victim of a cyber hack.
Deloitte revealed today that it was the victim of a cyberattack that affected “only very few clients.”
Of course, it’s unclear exactly what that means. Deloitte is a global firm with a huge list of clients, many of them very large, and representing both the private and public sectors. A breach of “very few” clients’ information could still be quite substantial.
The hack, which was first reported by The Guardian, reportedly affected the company’s email server and lasted for several months before it was uncovered.
The breach reportedly affected Deloitte’s private and government clients, who rely on the company for a variety of services including auditing, tax consultancy, and cybersecurity advice.
Deloitte notes in a statement that it notified “governmental authorities immediately after it became aware of the incident.”
While The Guardian reports that six clients have so far been informed that they were “impacted” by the breach, Deloitte notes that “no disruption has occurred to client businesses, to Deloitte’s ability to continue to serve clients, or to consumers.”
The full extent of the breach — including the number of emails affected or how long the hack lasted — is not clear.
However, The Guardian, citing sources close to the matter, reports that the hack lasted for about six months and that a hacker compromised the email server — stored on the Azure cloud service — through an “administrator’s account” that lacked two-step authentication.
The cloud service reportedly hosted some five million emails, but Deloitte claims just a fraction of these emails were affected.
Sources also claim that the hack involved usernames, passwords, IP addresses, and health information.
“In response to a cyber incident, Deloitte implemented its comprehensive security protocol and began an intensive and thorough review,” a spokesperson for Deloitte told The Guardian, adding that the review enabled the company to better understand what information was at risk and what the hacker actually did.
The company remains “deeply committed to ensuring that our cybersecurity defenses are best in class,” and will “continue to evaluate this matter and take additional steps as required,” the rep said.