Deloitte hit by sophisticated cyber attack, clients' secret emails stolen

Global accountancy firm Deloitte has fallen victim to a sophisticated hack that resulted in a breach of confidential information from some of its biggest clients, Britain's Guardian newspaper said on Monday.

Deloitte - one of the big four professional services providers - confirmed to the newspaper it had been hit by a hack, but it said only a small number of its clients had been impacted.

According to the report, so far, six of Deloitte’s clients have been told their information was “impacted” by the hack. Deloitte’s internal review into the incident is ongoing. It is believed that the hacker compromised the firm’s global email server through an “administrator’s account” that, in theory, gave them privileged, unrestricted “access to all areas”.

A spokesman told The Guardian, “In response to a cyber-incident, Deloitte implemented its comprehensive security protocol and began an intensive and thorough review including mobilising a team of cyber-security and confidentiality experts inside and outside of Deloitte.”

Hackers also had access to usernames, passwords, IP addresses, architectural diagrams for businesses and health information. Additionally, some emails also had attachments with sensitive security and design details. The company discovered the hack in March this year, but it is believed the attackers may have had access to its systems since October or November 2016.

With inputs from Reuters