Client details compromised as Deloitte admits to being victim of cyber attack
Deloitte was yesterday forced to admit it had fallen victim to a “sophisticated” US-focused cyber attack on its email system that allowed a hacker to access confidential information associated with several of its most high-profile clients.
The “Big Four” firm’s admission came after The Guardian reported that evidence of the attack was discovered in March this year but that the attackers could have had access to its systems since late 2016.
According to the newspaper, the hacker was able to use a system administrator’s account to obtain unrestricted access to an estimated five million emails, some of which had “sensitive security and design details” attached and some of which contained confidential plans of at least six of its biggest corporate clients.
The reports claim that the hacker needed only a single password to access the administrator’s account, which was not protected by a more secure two-step verification system.
While admitting to being a victim of the attack yesterday, Deloitte, which has a fast-growing international cybersecurity practice that advises corporate and government clients on how to defend themselves against such attacks, sought to play down the incident, insisting that “very few” clients had been affected and that no disruption had been caused.
A spokeswoman for Deloitte said that the firm had contacted “the very few clients impacted” to inform them of the breach. “No disruption has occurred to client businesses, to Deloitte’s ability to continue to serve clients or to consumers,” she said.
The spokeswoman said that the firm had informed the relevant government authorities immediately after it became aware of the breach and that it had initiated an “intensive and thorough review” of its systems using a team of cybersecurity and confidentiality experts from inside and outside the firm. She said that a review into the company’s email platform “enabled us to understand precisely what information was at risk and what the hacker actually did”.
She added: “Deloitte remains deeply committed to ensuring that its cybersecurity defences are best in class, to investing heavily in protecting confidential information and to continually reviewing and enhancing cybersecurity.”