Deloitte cyber-attack under scrutiny

The Guardian newspaper has reported that the cyber-attack against ‘Big Four’ firm Deloitte, first disclosed by the newspaper on 25 September, was considerably more widespread than initially thought.

Deloitte has said in a statement that it believed that the hack had only impacted ‘very few’ clients: however, The Guardian claims that the attackers could have accessed the e-mails of more than 350 clients, including the United Nations, four US government departments, and a number of multinationals.

According to Deloitte, an ‘intensive and thorough review’ has been conducted which has enabled the firm to understand precisely what information was at risk and how the hacker operated to access its systems. Deloitte has also emphasised that it contacted government authorities and notified affected clients immediately once the hack came to light.

‘Deloitte remains deeply committed to ensuring that its cyber-security defences are best in class, to investing heavily in protecting confidential information and to continually reviewing and enhancing cyber security,’ the firm said in a statement.

The attack was aimed at the firm’s US operations and was discovered in March, possibly starting in October 2016, according to the newspaper. The hackers accessed data from the company’s e-mail platform.

The attack at Deloitte is one of a number of recent intrusions at high-profile organisations holding sensitive data. The US Securities and Exchange Commission and credit reference bureau Equifax have also been hit with breaches from hackers in recent months. Deloitte’s response to the incident is under close scrutiny, as a lucrative offshoot of the firm’s business is cyber security advice to customers on the defence of networks and investigation of breaches.