One of the largest accounting firms in the United States and indeed the world, Deloitte, has reported that it was the victim of a cyberattack that it caught back in March this year. The company believes that the breach might have begun in October last year which it was eventually able to catch in March of this year.
Deloitte offers its clients a wide range of services such as merger and acquisition assistance, tax and auditing services, and even cybersecurity advice. Therefore, it’s ironic that the company’s own systems have been breached.
It’s not known at this point in time who is responsible for this cyberattack which involved a breach of Deloitte’s email service that exposed five million emails. Aside from emails with sensitive attachments, hackers are also believed to have obtained usernames, passwords, IP addresses, workers’ health records, and business information.
The breach has reportedly been traced back to an administrator’s account that was password protected but didn’t have the additional security layer of two-step verification. According to the Guardian, the company has notified six of its clients that their information has been affected in this breach.
A spokesperson for Deloitte told the scribe that “In response to a cyber incident, Deloitte implemented its comprehensive security protocol and began an intensive and thorough review including mobilising a team of cybersecurity and confidentiality experts inside and outside of Deloitte.”
Deloitte has said that it will continue to evaluate this matter and will take additional steps as required.