Cyberattack on accounting giant Deloitte exposes sensitive customer data

midian182


It’s been revealed that yet another major company was the victim of a cybersecurity breach. In the wake of the Equifax incident that affected 143 million consumers, The Guardian reports that accountancy firm Deloitte has also been hacked.

The company, which is one of the world's big four accounting firms, made $37 billion in revenue last year through services that include auditing, consulting, merger and acquisition assistance, and, ironically, cybersecurity advice.

It’s thought that the hackers may have accessed Deloitte’s systems from either October or November last year through to this past March. They compromised the firm’s global email server via a password-protected administrator account that didn’t use two-factor authentication.

In addition to five million emails and their attachments, the hackers could have also stolen passwords, usernames, IP addresses, architectural diagrams for businesses, and workers' health information.

Deloitte’s customers include some of the world’s largest banks and companies, media firms, pharmaceutical businesses, and government agencies. Six of its clients have been informed that their data was “impacted” during the breach, though Deloitte didn’t specify which ones.

"As part of the review, Deloitte has been in contact with the very few clients impacted and notified governmental authorities and regulators. We remain deeply committed to ensuring that our cybersecurity defenses are best in class, to investing heavily in protecting confidential information and to continually reviewing and enhancing cybersecurity. We will continue to evaluate this matter and take additional steps as required," said the firm, which in 2012 was ranked the best cybersecurity consultant in the world.

A team of specialists is currently investigating the breach to determine if it was the work of a sole individual, a case of corporate espionage, or state-sponsored hackers.

A Deloitte spokesperson told the Guardian: "In response to a cyber incident, Deloitte implemented its comprehensive security protocol and began an intensive and thorough review including mobilizing a team of cybersecurity and confidentiality experts inside and outside of Deloitte."


 
It's time for the Government to take a much more aggressive posture. A simple law that states that ANY organization that collects and keeps sensitive data on any person, organization, or entity that could, by its unauthorized release, theft, or exposure, cause harm to said person(s) shall be liable for the recovery, payment and "making whole" any and all that are harmed without limitation. Liability shall be immediate and not transferable. Individuals shall be responsible for reporting and maintaining reports of costs. Either party found falsifying said information shall be subject to arrest as a 1st Class Felony.

Before you dispute this, remember that the overwhelming amount of this data is exchanged and sold between organizations without the knowledge, consent, or financial remuneration to, and of, the individual. If they are going to profit off of your information, they should be liable for its safekeeping and responsible when they fail. If the penalties are not severe enough, companies and/or individuals shall be willing to accept the risk for significant reward opportunities.
 
That Deloitte is a world-class joke, not only for what they do, but how they do it. I crossed paths with them once, and was shocked to find out they had no IT infrastructure, while claiming to be involved in some banking software development. Looked like they do not even know what cyber-security means, a bunch of sleazy salesmen that they are.
 
Oh well. At least they issued the obligatory, standard and expected excuse about how committed they were, err... I mean, are, to cybersecurity and I'd be completely gobsmacked if they came up with an original. I've had the misfortune of having to deal with this lot before in the past and it wasn't an experience that conjures up a lot of fond memories.
 