Deloitte targeted by a cyber attack that exposed clients’ secret emails

Pierluigi Paganini September 25, 2017

The accountancy firm Deloitte announced it has been targeted by a sophisticated hack that compromised its global email server.

Today the accountancy giant Deloitte revealed that it has been targeted by a sophisticated hack that compromised the confidential emails and plans of some of its blue-chip clients.

According to The Guardian, which first reported the incident, hackers may have accessed customers’ emails along with usernames, passwords and personal details of the top accountancy firm’s blue-chip clients.

In addition to emails, hackers had potential access to IP addresses, architectural diagrams for businesses and health information.

“The Guardian understands Deloitte clients across all of these sectors had material in the company email system that was breached. The companies include household names as well as US government departments.” reported The Guardian.

“So far, six of Deloitte’s clients have been told their information was “impacted” by the hack. Deloitte’s internal review into the incident is ongoing.”

The newspaper described the breach as a “deep embarrassment” due to the efforts of the firm in the cybersecurity industry.

Deloitte discovered the hack in March this year, and according to The Guardian, the attackers may have had access to the company systems since October or November 2016.

The attackers hacked into the Deloitte global email server through an “administrator’s account” that allowed them to have full access to any area of the accountancy firm.

The Guardian was told an estimated 5m emails were stored in the “cloud” that was accessed by the hackers; however, Deloitte said the number of emails that were exposed was a fraction of this number.

It seems that the account was poorly protected: the company did not adopt “two-step” authentication for it.

“Emails to and from Deloitte’s 244,000 staff were stored in the Azure cloud service, which was provided by Microsoft. This is Microsoft’s equivalent to Amazon Web Service and Google’s Cloud Platform.” continues The Guardian.

Deloitte confirmed it immediately reported the incident to government authorities and the affected clients. It also tried to downplay the incident, but in my opinion incidents of this kind are always serious.

“Only very few clients were impacted,” Deloitte said. “No disruption has occurred to client business, to Deloitte’s ability to continue to serve, or to consumers.”

“Deloitte remains deeply committed to ensuring that its cyber-security defenses are best in class, to investing heavily in protecting confidential information and to continually reviewing and enhancing cyber security,” 

The newspaper reported that the incident is believed to have been US-focused, and that the information affected was so sensitive that only a restricted number of Deloitte’s most senior partners and lawyers were informed.

The Guardian has been told the internal inquiry into the security breach has been codenamed “Windham”.

At the time of writing it is still unclear whether the attackers are financially or politically motivated; we cannot exclude that it is the work of an insider.

Let me close with the statement released by a Deloitte spokesman.

“In response to a cyber incident, Deloitte implemented its comprehensive security protocol and began an intensive and thorough review including mobilising a team of cybersecurity and confidentiality experts inside and outside of Deloitte,” a spokesman said.

“As part of the review, Deloitte has been in contact with the very few clients impacted and notified governmental authorities and regulators.

The review has enabled us to understand what information was at risk and what the hacker actually did, and demonstrated that no disruption has occurred to client businesses, to Deloitte’s ability to continue to serve clients, or to consumers.

“We remain deeply committed to ensuring that our cybersecurity defences are best in class, to investing heavily in protecting confidential information and to continually reviewing and enhancing cybersecurity. We will continue to evaluate this matter and take additional steps as required.

“Our review enabled us to determine what the hacker did and what information was at risk as a result. That amount is a very small fraction of the amount that has been suggested.”

The Guardian pointed out that the company claims excellence in cyber security consultancy, and I hope for their sake that they have adopted the necessary measures to avoid incidents of this kind.

“Cyber risk is more than a technology or security issue, it is a business risk,” Deloitte tells potential customers on its website.

“While today’s fast-paced innovation enables strategic advantage, it also exposes businesses to potential cyber-attack. Embedding best practice cyber behaviours help our clients to minimise the impact on business.”

Deloitte has a “CyberIntelligence Centre” to provide clients with “round-the-clock business focussed operational security”.

Stay tuned.

Pierluigi Paganini

(Security Affairs – Deloitte hack, security breach)
