Ride the Lightning

Deloitte Breached: Data of Blue Chip Clients Compromised

September 26, 2017

The Guardian reported on September 25^th that "big four" accountancy firm Deloitte was victimized by a cyber attack that compromised confidential e-mails and plans of some of its blue chip clients. Deloitte provides auditing, tax consultancy and high-end cybersecurity advice to some of the world's biggest banks, multinational companies, media enterprises, pharmaceutical firms and government agencies.

According to the newspaper, Deloitte clients across all of these sectors had material in the company e-mail system that was breached.

Thus far, six of Deloitte's clients have been told their information was "impacted" by the hack. Deloitte's internal review into the incident is ongoing. The hackers may have had access to data since October or November of 2016, but the hack was discovered in March of 2017.

The hacker compromised the firm's global e-mail server through an "administrator's account" that, in all likelihood, gave the hacker privileged, unrestricted "access to all areas." The account reportedly required a single password and did not have "two-step" verification.

E-mails to and from Deloitte's 244,000 staff were stored in the Azure cloud service, which was provided by Microsoft. The Guardian believes the hackers had potential access to usernames, passwords, IP addresses, architectural diagrams for businesses and health information.

The breach is believed to have been focused on U.S. clients and was regarded as so sensitive that only a few of Deloitte's most senior partners and lawyers were informed.

The Guardian was told that the internal inquiry into how this happened is codenamed "Windham." It has involved specialists trying to map out exactly where the hackers went by analyzing the electronic trail of the searches that were made.

Investigators have not yet discovered whether a lone hacker, business rivals or state-sponsored hackers were responsible.

Law firm Hogan Lovells has been retained to provide "legal advice and assistance to Deloitte LLP, the Deloitte Central Entities and other Deloitte Entities" about the potential fallout from the hack.

Deloitte confirmed it had been the victim of a hack but insisted only a small number of its clients had been "impacted."

The Guardian was told an estimated 5 million e-mails were in the "cloud" and could have been accessed by the hackers. Deloitte said the number of e-mails that were at risk was a fraction of this number but refused to comment further.

Deloitte declined to say which government authorities and regulators it had informed, or when, or whether it had contacted law enforcement agencies.

While all major companies are targeted by hackers, the breach is a profound embarrassment for Deloitte, which offers clients advice on how to manage the risks posed by sophisticated cybersecurity attacks.

E-mail: Phone: 703-359-0700
Digital Forensics/Information Security/Information Technology
https://www.senseient.com
https://twitter.com/sharonnelsonesq
https://www.linkedin.com/in/sharondnelson
https://amazon.com/author/sharonnelson