Accountancy giant Deloitte hit by cyber attack

Thursday, 28 Sep, 2017

Accountancy giant Deloitte has been the victim of a cyber-attack that has compromised its global clients' confidential emails and intellectual property.

The Guardian - which first broke the story - says that the attack was focused on the USA side of Deloitte's operations, and data belonging to banks, multinationals, media enterprises, pharmaceutical firms and government agencies was included in the breach. The company brought in $37 billion in revenue in 2016.

Investigative reporter Brian Krebs claims the company is playing down the severity of the breach.

Government authorities have been alerted and a review is taking place, a Deloitte spokesperson told the Guardian.

And that's where a breach of this kind takes a turn, compared to previous attacks. According to the Guardian, the company has notified six of its clients that their information has been affected in this breach. So, hackers got unrestricted access to Deloitte's Microsoft-hosted email mailboxes.

Earlier this month, the US Securities and Exchange Commission and credit monitoring bureau Equifax both reported that confidential filings and sensitive personal data were compromised by hackers.

China to cut oil exports, ban textile imports from North Korea
Banks that may have previously looked the other way now have a strong incentive to pay close attention or risk severe punishment. Those measures did not go far enough for Trump. "The DPRK has grown accustomed to the hostile sanctions regime for decades".

"Deloitte will suffer greatly from reputational harm and I suspect a loss in customer confidence", said Rizwan Jan, CISO for the Henry M. Jackson Foundation.

Deloitte has not yet confirmed with which governmental departments and law enforcement agencies they will cooperate on this matter, they only confirmed that this attack has caused absolutely no disruptions to the clients involved.

Krebs, however, cites sources close to Deloitte who suggest the hack was likely more severe than that.

A statement from Deloitte confirmed that they are committed to increasing their cybersecurity protocols and that they are now evaluating the latest attack in order to adjust their cybersecurity defenses accordingly.

In 2012, Deloitte, which has offices all over the world, was ranked the best cybersecurity consultant in the world. The US company said an investigation had revealed that a file containing United Kingdom consumer information "may potentially have been accessed".

Last week, several small businesses in the U.S. filed a class-action lawsuit against credit rating firm Equifax, representing millions of others affected by the breach of personal data, which included names, dates of birth, email addresses and telephone numbers. As is so often the case, you can have the most fool-proof security operations around, but if some fool doesn't use two-factor authentication, you're a sitting duck.