Deloitte Targeted by Cyberattack

New York-based Deloitte (FY16 net revenue of $17.5 billion) has been targeted by a sophisticated hack that compromised the confidential emails and plans of some of its blue-chip clients, according to the Guardian.

Deloitte discovered the hack in March this year, but it is believed the attackers may have had access to its systems since October or November 2016.

According to the Guardian, the hackers had potential access to:

  • Usernames and passwords
  • IP addresses
  • Architectural diagrams for businesses
  • Health information
  • Email attachments with sensitive security and design details

The breach, which is believed to have been U.S.-focused, was considered so sensitive that only a few of Deloitte’s most senior partners and lawyers were informed.

Deloitte’s internal review into the incident is ongoing. The team investigating the hack is working out of the firm’s offices in Rosslyn, Va., where analysts have been reviewing potentially compromised documents for six months.

So far, six of Deloitte’s clients have been told their information was affected by the hack.

A Deloitte spokesman has stated:

In response to a cyber incident, Deloitte implemented its comprehensive security protocol and began an intensive and thorough review including mobilizing a team of cybersecurity and confidentiality experts inside and outside of Deloitte.

 As part of the review, Deloitte has been in contact with the very few clients impacted and notified governmental authorities and regulators. The review has enabled us to understand what information was at risk and what the hacker actually did, and demonstrated that no disruption has occurred to client businesses, to Deloitte’s ability to continue to serve clients, or to consumers.

 We remain deeply committed to ensuring that our cybersecurity defenses are best in class, to investing heavily in protecting confidential information and to continually reviewing and enhancing cybersecurity. We will continue to evaluate this matter and take additional steps as required.