Posted on September 26, 2017 at 3:04 PM
Consulting agency Deloitte suffered a major data breach that has gone unnoticed for months.
Reputable consultancy firm Deloitte recently experienced a cyber-attack that targeted their sensitive information database. Investigations are still ongoing to discover exactly what data has been compromised.
So far, security experts seem to think that the attackers gained access through an internal administrator’s account. This account is likely to have had a weak password, and its compromise exposed a large amount of client information.
Deloitte enjoys high-profile clients among which are large financial institutions, corporations, and governmental agencies.
The story first appeared in The Guardian. The publication has confirmed that only six of Deloitte’s clients have been notified of the data breach.
The origin of the attack is still unclear. Deloitte’s headquarters, located in New York, is currently launching investigations into whether the attack came from an insider, a nation-state group, or an outside hacker.
The company has not yet revealed which companies might have been affected.
Deloitte boasted a stellar financial year in 2016, in which it raked in $37bn in revenue. This latest data breach might severely affect its business and client trust.
To minimize damage and prevent similar attacks in the future, the company is currently conducting an internal review, named “Windham”.
According to The Guardian, Deloitte employees became aware of the compromised data in its “global email server” in March this year. Security experts, however, have stated that hackers could have infiltrated the system as early as October 2016.
The staff account that is thought to be responsible was protected by only a single password and did not use two-factor authentication. The Guardian reported that usernames, passwords, email attachments, and internal data of all of Deloitte’s clients were susceptible to hacking.
Many have criticized Deloitte’s surprisingly simple security system. The hack did not need extraordinary skills or infiltration techniques to bypass Deloitte’s security.
According to a Deloitte spokesperson, the breached data was only a fraction of the total amount of 5 million emails that Deloitte stores in its Microsoft Azure server.
The spokesperson added that Deloitte is responding to this latest cyber attack by implementing an extensive security protocol, as well as the internal Windham review. This review will include a team of cybersecurity and information experts from both inside and outside the company.
The spokesperson insisted that a very small number of its clients have been affected and that Deloitte immediately notified every company involved in the data breach, as well as governmental authorities and regulatory bodies.
Deloitte has not yet confirmed which governmental departments and law enforcement agencies it will cooperate with on this matter; it has only confirmed that this attack has caused absolutely no disruptions to the clients involved.
At this point, however, it might be too early to truly estimate exactly what damage has been done.
A statement from Deloitte confirmed that they are committed to increasing their cybersecurity protocols and that they are currently evaluating the latest attack in order to adjust their cybersecurity defenses accordingly.
This event follows the previous massive cyber attack on US credit-monitoring company Equifax. Hackers managed to access sensitive data at the company, which left millions of client records vulnerable.