Deloitte email platform hit by cyberattack

A cyberattack hit the email system of accounting company Deloitte, compromising some clients' data, the company acknowledged Monday.

"Only very few clients were impacted", the company said.

The hack was reportedly discovered in March, but hackers potentially had access to the company's systems as far back as October or November of 2016 - meaning the access went undetected for as many as six months. Along with emails and their sometimes sensitive attachments, the hackers may have gotten their hands on usernames, passwords, IP addresses, business information and workers' health records.

Hackers got access to Deloitte's email server through an administrator account that was not secured with two-factor authentication (2FA). Two-factor authentication would have alerted the account owner to the unauthorized access, and may have prevented the attacker from accessing the account outright.

The revelation comes weeks after details of a major security breach at credit reporting firm Equifax were reported.

Deloitte said in a statement that it immediately contacted government authorities and the affected clients after discovering the hack, which stemmed from a breach in an email platform.

The cyberattack focused on the US operations of the company, which provides auditing, tax advice and consultancy to multinationals and governments worldwide, the report said.

It is currently unclear who was behind the attack, but for the past six months, Deloitte has been investigating the breach of its email server, which exposed some five million emails. Deloitte said the number of emails that were at risk was a fraction of this number but declined to elaborate.

According to the Guardian, some company clients, including major companies and US government entities, had information in the company's email system at the time of the breach. "They work with some of the biggest organizations on Earth, at the very highest level, which is like a red rag to a bull for hackers". The breach apparently stemmed from an administrator's account that was protected by a password and not two-step verification. "It makes it much harder to gain illicit access in the first place, and provides a warning if someone is trying to log in without your knowledge", he said.

Corporations, said Curry, also need a professional, modern incident response capability, a real strategy for segmentation and good hygiene, and to elevate the way security is managed and operated.
