Deloitte, a major US and global accounting firm, revealed that it was hit with a cybersecurity breach that may have extended from October of last year through this past March. The company being one of the worlds 'biggest four' accounting firms--working with large banks, global firms and government agencies, among others, provides tax and auditing services, operating consulting, merger and acquisition assistance. And best of all, cybersecurity advice!
It's currently unclear who was behind the attack, but for the past six months, Deloitte has been investigating the breach of its email server, which exposed some five million emails. Along with emails and their sometimes sensitive attachments, the hackers may have gotten their hands on usernames, passwords, IP addresses, business information and workers' health records. The breach apparently stemmed from an administrator's account that was protected by a password and not two-step verification.
The Guardian reports that six of Deloitte's clients have been notified that their information was affected. A Deloitte spokesperson told the newspaper, "In response to a cyber incident, Deloitte implemented its comprehensive security protocol and began an intensive and thorough review including mobilising a team of cybersecurity and confidentiality experts inside and outside of Deloitte." The review has enabled us to understand what information was at risk and what the hackers actually did, and demonstrated that no disruption has occurred to client businesses, to Deloitte's ability to continue to serve clients, or to consumers," said the spokesperson.
Deloitte hasn't stated which of its clients, which include US government agencies, have been impacted, but said, "As part of the review, Deloitte has been in contact with the very few clients impacted and notified governmental authorities and regulators. We remain deeply committed to ensuring that our cybersecurity defenses are best in class, to investing heavily in protecting confidential information and to continually reviewing and enhancing cybersecurity. We will continue to evaluate this matter and take additional steps as required."
Call us to learn more about preventing your business from having any cybersecurity breaches!
