Deloitte Hit by Cyber Attack: Clients' Private Data Exposed

One of the world’s “big four” accountancy firms has been targeted by a sophisticated hack that compromised the confidential emails and plans of some of its blue-chip clients.

Deloitte, which is registered in London and has its global headquarters in New York, was the victim of a cybersecurity attack that went unnoticed for months.

One of the largest private firms in the US, which reported a record $37bn (£27.3bn) revenue last year, Deloitte provides auditing, tax consultancy and high-end cybersecurity advice to some of the world’s biggest banks, multinational companies, media enterprises, pharmaceutical firms and government agencies. Deloitte clients across all of these sectors had material in the company email system that was breached. The companies include household names as well as US government departments.

So far, six of Deloitte’s clients have been told their information was “impacted” by the hack. Deloitte’s internal review into the incident is ongoing. 

The hacker compromised the firm’s global email server through an “administrator’s account” that, in theory, gave them privileged, unrestricted “access to all areas”. The account required only a single password and did not have “two-step” verification, sources said. 

Emails to and from Deloitte’s 244,000 staff were stored in the Azure cloud service, which was provided by Microsoft. This is Microsoft’s equivalent to Amazon Web Service and Google’s Cloud Platform. In addition to emails, the hackers had potential access to usernames, passwords, IP addresses, architectural diagrams for businesses and health information. Some emails had attachments with sensitive security and design details.

The breach is believed to have been US-focused and was regarded as so sensitive that only a handful of Deloitte’s most senior partners and lawyers were informed.

The internal inquiry into how this happened has been codenamed “Windham”. It has involved specialists trying to map out exactly where the hackers went by analysing the electronic trail of the searches that were made. The team investigating the hack is understood to have been working out of the firm’s offices in Rosslyn, Virginia, where analysts have been reviewing potentially compromised documents for six months.

It has yet to establish whether a lone wolf, business rivals or state-sponsored hackers were responsible. Sources said if the hackers had been unable to cover their tracks, it should be possible to see where they went and what they compromised by regenerating their queries. This kind of reverse-engineering is not foolproof, however.

A measure of Deloitte’s concern came on 27 April when it hired the US law firm Hogan Lovells on “special assignment” to review what it called “a possible cybersecurity incident”.

The Washington-based firm has been retained to provide “legal advice and assistance to Deloitte LLP, the Deloitte Central Entities and other Deloitte Entities” about the potential fallout from the hack. Responding to questions from the Guardian, Deloitte confirmed it had been the victim of a hack but insisted only a small number of its clients had been “impacted”. It would not be drawn on how many of its clients had data made potentially vulnerable by the breach.

The Guardian newspaper was told an estimated 5m emails were in the “cloud” and could have been accessed by the hackers. Deloitte said the number of emails that were at risk was a fraction of this number but declined to elaborate. “In response to a cyber incident, Deloitte implemented its comprehensive security protocol and began an intensive and thorough review including mobilising a team of cybersecurity and confidentiality experts inside and outside of Deloitte,” a spokesman said.
“As part of the review, Deloitte has been in contact with the very few clients impacted and notified governmental authorities and regulators. 
“The review has enabled us to understand what information was at risk and what the hacker actually did, and demonstrated that no disruption has occurred to client businesses, to Deloitte’s ability to continue to serve clients, or to consumers.
“We remain deeply committed to ensuring that our cybersecurity defences are best in class, to investing heavily in protecting confidential information and to continually reviewing and enhancing cybersecurity. We will continue to evaluate this matter and take additional steps as required.
“Our review enabled us to determine what the hacker did and what information was at risk as a result. That amount is a very small fraction of the amount that has been suggested.”
Deloitte declined to say which government authorities and regulators it had informed, or when, or whether it had contacted law enforcement agencies.

Though all major companies are targeted by hackers, the breach is a deep embarrassment for Deloitte, which offers potential clients advice on how to manage the risks posed by sophisticated cybersecurity attacks.

“Cyber risk is more than a technology or security issue, it is a business risk,” Deloitte tells potential customers on its website.
“While today’s fast-paced innovation enables strategic advantage, it also exposes businesses to potential cyber-attack. Embedding best practice cyber behaviours help our clients to minimise the impact on business.”

Deloitte has a “Cyber Intelligence Centre” to provide clients with “round-the-clock business focused operational security”.
“We monitor and assess the threats specific to your organisation, enabling you to swiftly and effectively mitigate risk and strengthen your cyber resilience,” its website says. “Going beyond the technical feeds, our professionals are able to contextualise the relevant threats, helping determine the risk to your business, your customers and your stakeholders.”
In 2012, Deloitte, which has offices all over the world, was ranked the best cybersecurity consultant in the world.

Earlier this month, Equifax, the US credit monitoring agency, admitted the personal data of 143 million US customers had been accessed or stolen in a massive hack in May. It has also revealed it was also the victim of an earlier breach in March.
About 400,000 people in the UK may have had their information stolen following the cybersecurity breach. The US company said an investigation had revealed that a file containing UK consumer information “may potentially have been accessed”.

The data includes names, dates of birth, email addresses and telephone numbers, but does not contain postal addresses, passwords or financial information. Equifax, which is based in Atlanta, discovered the hack in July but only informed consumers in the second week of September.

Guardian:

You Might Also Read:

Equifax Executives Resign Without Charge:

PWC On The Hunt For 1,000 Data Scientists:

 

« Russia Attacked By ‘Full Scale Cyber War’
Was The German Election Hacked? »

Quartz Conference
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Galaxkey

Galaxkey

Galaxkey is a data protection product that protects email, documents and any data using access control and an encryption platform.

Advanced Resource Managers (ARM)

Advanced Resource Managers (ARM)

ARM provide specialist recruitment services for technology and engineering including cyber security.

Center for Identity - University of Texas at Austin

Center for Identity - University of Texas at Austin

The mission of the Center is to deliver the highest-quality discoveries, applications, education, and outreach for excellence in identity management, privacy, and security.

Cybera

Cybera

Cybera is a leading provider of secure, software-defined WAN to many of the world’s top enterprises.

Cyber DriveWare

Cyber DriveWare

DriveWare analyzes new traffic in the I/O layer and blocks malware and cyber attacks which organizations have no means to protect against.

Zeneth Technology Partners

Zeneth Technology Partners

Zeneth is a consulting firm providing information technology and cybersecurity services to federal and commercial clients.

Prevalent

Prevalent

Prevalent takes the pain out of third-party risk management. Companies use our services to eliminate the security and compliance exposures that come from working with vendors and suppliers.

SparkCognition

SparkCognition

SparkCognition’s AI-powered solutions enhance cybersecurity, identify and prevent equipment failures before they happen, and provide prescriptive intelligence for maintaining your most critical assets

Secucloud

Secucloud

Secucloud GmbH is a provider of high-availability cyber-security solutions, offering a cloud-based security-as-a-service platform, particularly for providers.

Cybercrime Support Network (CSN)

Cybercrime Support Network (CSN)

CSN is a public-private, nonprofit collaboration created to meet the challenges facing millions of individuals and businesses affected each and every day by cybercrime.

Armorblox

Armorblox

Armorblox stops targeted email attacks such as 0-day credential phishing, payroll fraud, vendor fraud, and other threats that get past legacy security controls.

Jolocom

Jolocom

Jolocom builds decentralized software solutions that enable people, organizations, and machines to own and control their identity information.

Swedish Board for Accreditation and Conformity Assessment (SWEDAC)

Swedish Board for Accreditation and Conformity Assessment (SWEDAC)

SWEDAC is the national accreditation body for Sweden. The directory of members provides details of organisations offering certification services for ISO 27001.

Civic Technologies

Civic Technologies

Civic’s Secure Identity Platform (SIP) uses a verified identity for multi-factor authentication on web and mobile apps without the need for usernames or passwords.

Winterhawk Consulting

Winterhawk Consulting

Winterhawk Consulting offer comprehensive solutions and services related to SAP GRC, Security, Role Design and Audit to meet your complex compliance needs.

Foundries.io

Foundries.io

Foundries.io have built a secure, open source platform for the world's connected devices, and a cloud service to configure this to any hardware and any cloud.