Deloitte, one of the so-called “big four” consultancy firms which offers auditing, tax consultancy and cybersecurity advice to multinationals and government agencies, has become the latest company to be hit by a cyber attack.
According to a media reports, the hack has compromised the confidential emails and plans of some of its blue-chip clients, although the firm insists this is “very few”.
It is claimed that Deloitte clients – including household names as well as US government departments – had material in the company email system that was breached.
So far, six of Deloitte’s clients have been told their information was “impacted” by the hack. Deloitte’s internal review into the incident is ongoing.
However, it is alleged that Deloitte discovered the hack in March this year, although the attackers may have had access to its systems since October 2016.
In addition to emails, it is claimed that the hackers had potential access to usernames, passwords, IP addresses, architectural diagrams for businesses and health information. Some emails had attachments with sensitive security and design details.
The breach is believed to have occurred in the US and is reportedly so sensitive that only a handful of Deloitte’s most senior partners and lawyers have been informed.
The team investigating the hack is understood to have been working from the firm’s offices in Rosslyn, Virginia, where analysts have been reviewing potentially compromised documents for six months.
Earlier this year, Deloitte hired the US law firm Hogan Lovells on “special assignment” to review what it called “a possible cybersecurity incident”.
In a statement, the firm said: “In response to a cyber incident, Deloitte implemented its comprehensive security protocol and began an intensive and thorough review including mobilising a team of cybersecurity and confidentiality experts inside and outside of Deloitte. As part of the review, Deloitte has been in contact with the very few clients impacted and notified governmental authorities and regulators.
“We remain deeply committed to ensuring that our cybersecurity defences are best in class, to investing heavily in protecting confidential information and to continually reviewing and enhancing cybersecurity. We will continue to evaluate this matter and take additional steps as required.”