Hackers Breach Deloitte Data, Access Confidential Client Emails

Chris Gaetano
Published Date:
Sep 25, 2017
By Bjørn Erik Pedersen - Own work, CC BY-SA 4.0

Hackers were able to breach Big Four firm Deloitte, breaking into the firm's global email server and accessing confidential client emails, according to the Guardian. Some of these emails had attachments with sensitive business information. They were able to get into the system through an administrator's account that gave them theoretically unrestricted access to all areas; the account, said the Guardian, only had a single password and did not have two-step verification. Beyond the emails, the hackers also had access to usernames, passwords, IP addresses, architectural diagrams for businesses and health information.

Deloitte is said to have discovered the breach in March but did not publicly disclose the incident. The details were known only to a handful of the firm's most senior partners, with the internal investigation into what happened being assigned the code name "Windham." When contacted by the Guardian, however, Deloitte's lawyers did confirm that they had indeed been the victims of a cyber attack but said only a small number of clients had been impacted. 

Ironically enough, Deloitte was named as the number one cybersecurity consulting firm in 2012, in terms of revenue. 


Click here to see more of the latest news from the NYSSCPA.