BreachExchange mailing list archives

Deloitte hit by cyber-attack revealing clients’ secret emails


From: Richard Forno <rforno () infowarrior org>
Date: Mon, 25 Sep 2017 10:05:54 -0400



Deloitte hit by cyber-attack revealing clients’ secret emails
Nick Hopkins
Monday 25 September 2017 08.00 EDT

One of the world’s “big four” accountancy firms has been targeted by a sophisticated hack that compromised the 
confidential emails and plans of some of its blue-chip clients, the Guardian can reveal.

Deloitte, which is registered in London and has its global headquarters in New York, was the victim of a cybersecurity 
attack that went unnoticed for months.

One of the largest private firms in the US, which reported a record $37bn (£27.3bn) revenue last year, Deloitte 
provides auditing, tax consultancy and high-end cybersecurity advice to some of the world’s biggest banks, 
multinational companies, media enterprises, pharmaceutical firms and government agencies.

The Guardian understands Deloitte clients across all of these sectors had material in the company email system that was 
breached. The companies include household names as well as US government departments.

So far, six of Deloitte’s clients have been told their information was “impacted” by the hack. Deloitte’s internal 
review into the incident is ongoing.

The Guardian understands Deloitte discovered the hack in March this year, but it is believed the attackers may have had 
access to its systems since October or November 2016.

The hacker compromised the firm’s global email server through an “administrator’s account” that, in theory, gave them 
privileged, unrestricted “access to all areas”.

The account required only a single password and did not have “two-step” verification, sources said.

Emails to and from Deloitte’s 244,000 staff were stored in the Azure cloud service, which was provided by Microsoft. 
This is Microsoft’s equivalent to Amazon Web Service and Google’s Cloud Platform.

< - >

https://www.theguardian.com/business/2017/sep/25/deloitte-hit-by-cyber-attack-revealing-clients-secret-emails