A global accounting firm Deloitte, which is registered in London and has its branches all over the world, has been targeted by a sophisticated cybersecurity breach that went unnoticed for months.
On Monday, the firm confirmed that hackers have accessed their data of small numbers of clients, and they have not provided very few details on the breach.
In a statement released by the firm, they said that attackers accessed data from the company’s email platform through an “administrator’s account," which gave them unrestricted “access to all areas.”
Deloitte is one of the largest private firms in the US which provides auditing, tax consultancy, and high-end cybersecurity advice to some of the world’s biggest banks, multinational companies, media enterprises, pharmaceutical firms and government agencies.
So far, the firm has notified six of its clients about the hack. However, their internal investigation about the hack is still going on.
“In response to a cyber incident, Deloitte implemented its comprehensive security protocol and began an intensive and thorough review including mobilizing a team of cybersecurity and confidentiality experts inside and outside of Deloitte,” a spokesman said.
“As part of the review, Deloitte has been in contact with the very few clients impacted and notified governmental authorities and regulators.
“The review has enabled us to understand what information was at risk and what the hacker actually did, and demonstrated that no disruption has occurred to client businesses, to Deloitte’s ability to continue to serve clients, or to consumers.
“We remain deeply committed to ensuring that our cybersecurity defences are best in class, to investing heavily in protecting confidential information and to continually reviewing and enhancing cybersecurity. We will continue to evaluate this matter and take additional steps as required.
“Our review enabled us to determine what the hacker did and what information was at risk as a result. That amount is a very small fraction of the amount that has been suggested.”
According to the reports of the Guardian, the hackers had potential access to usernames, passwords, IP addresses, architectural diagrams for businesses and health information. While some of the emails contain the sensitive attachments too.
Till now it is believed that the breach is concentrated to the US only.
On Monday, the firm confirmed that hackers have accessed their data of small numbers of clients, and they have not provided very few details on the breach.
In a statement released by the firm, they said that attackers accessed data from the company’s email platform through an “administrator’s account," which gave them unrestricted “access to all areas.”
Deloitte is one of the largest private firms in the US which provides auditing, tax consultancy, and high-end cybersecurity advice to some of the world’s biggest banks, multinational companies, media enterprises, pharmaceutical firms and government agencies.
So far, the firm has notified six of its clients about the hack. However, their internal investigation about the hack is still going on.
“In response to a cyber incident, Deloitte implemented its comprehensive security protocol and began an intensive and thorough review including mobilizing a team of cybersecurity and confidentiality experts inside and outside of Deloitte,” a spokesman said.
“As part of the review, Deloitte has been in contact with the very few clients impacted and notified governmental authorities and regulators.
“The review has enabled us to understand what information was at risk and what the hacker actually did, and demonstrated that no disruption has occurred to client businesses, to Deloitte’s ability to continue to serve clients, or to consumers.
“We remain deeply committed to ensuring that our cybersecurity defences are best in class, to investing heavily in protecting confidential information and to continually reviewing and enhancing cybersecurity. We will continue to evaluate this matter and take additional steps as required.
“Our review enabled us to determine what the hacker did and what information was at risk as a result. That amount is a very small fraction of the amount that has been suggested.”
According to the reports of the Guardian, the hackers had potential access to usernames, passwords, IP addresses, architectural diagrams for businesses and health information. While some of the emails contain the sensitive attachments too.
Till now it is believed that the breach is concentrated to the US only.