Cyberattack on accounting giant Deloitte exposes sensitive customer data

It's been revealed that yet another major company was the victim of a cybersecurity breach. In the wake of the Equifax incident that affected 143 million consumers, The Guardian reports that accountancy firm Deloitte has also been hacked.

The company, which is one of the world's big four accounting firms, made $37 billion in revenue last year through services that include auditing, consulting, merger and acquisition assistance, and, ironically, cybersecurity advice.

It's thought that the hackers may have accessed Deloitte's systems from either October or November last year through to this past March. They compromised the firm's global email server via a password-protected administrator account that didn't use two-factor authentication.

In addition to five million emails and their attachments, the hackers could have also stolen passwords, usernames, IP addresses, architectural diagrams for businesses, and workers' health information.

Deloitte's customers include some of the world's largest banks and companies, media firms, pharmaceutical businesses, and government agencies. Six of its clients have been informed that their data was "impacted" during the breach, though Deloitte didn't specify which ones.

"As part of the review, Deloitte has been in contact with the very few clients impacted and notified governmental authorities and regulators. We remain deeply committed to ensuring that our cybersecurity defenses are best in class, to investing heavily in protecting confidential information and to continually reviewing and enhancing cybersecurity. We will continue to evaluate this matter and take additional steps as required," said the firm, which in 2012 was ranked the best cybersecurity consultant in the world.

A team of specialists is currently investigating the breach to determine if it was the work of a sole individual, a case of corporate espionage, or state-sponsored hackers.

A Deloitte spokesperson told the Guardian: "In response to a cyber incident, Deloitte implemented its comprehensive security protocol and began an intensive and thorough review including mobilizing a team of cybersecurity and confidentiality experts inside and outside of Deloitte."