Another week, another damaging cybersecurity incident, but this time it’s Deloitte, Gartner’s IT security consultancy of the year.
The revelation that Deloitte has suffered a breach that compromised confidential emails came on Monday (25 September) from The Guardian, which also revealed that the Big Four accountancy firm brought in Hogan Lovells in late April to review the breach – understood to date back from November.
Deloitte has reportedly told six clients that their information has been “impacted.”
As we tweeted on Monday, hackers reportedly gained access to Deloitte’s email system using an administrative account that was not secured using two-factor authentication – ouch. The likes of Mobile Helix should have a field day with this one.
Deloitte has issued a statement to say that only very few clients were impacted, there was no disruption to business, that it has contacted the relevant authorities and immediately initiated its cyber response protocols. The full statement is here https://www2.deloitte.com/global/en/pages/about-deloitte/articles/deloitte-statement-cyber-incident.html
For a more controversial view, here is The Register with a report on what appears to show a collection of Deloitte corporate VPN passwords, user names and operational details “lurking within a public-facing GitHub-hosted repository.” Ouch again.
Deloitte is a sitting duck: Key systems with RDP open, VPN and proxy ‘login details leaked’
Monday’s news that multinational consultancy Deloitte had been hacked was dismissed by the firm as a small incident. Now evidence suggests it’s no surprise the biz was infiltrated: it appears to be all over the shop, security wise.