Deloitte has been hit by a sophisticated hack, revealing confidential emails and plans of the company’s blue-chip clients.
The global company provides tax consultancy, cybersecurity advice and other services to several of the world’s largest banks, multinational companies, pharmaceutical firms and government agencies.
The hack was discovered in March 2017, but the firm believes it could have been going on since October 2016.
According to The Guardian, hackers had access to the emails to and from Deloitte’s 244,000 staff, usernames, passwords and IP addresses.
“In response to a cyber incident, Deloitte implemented its comprehensive security protocol and began an intensive and thorough review including mobilising a team of cybersecurity and confidentiality experts inside and outside of Deloitte,” said a Deloitte spokesperson.
“As part of the review, Deloitte has been in contact with the very few clients impacted and notified governmental authorities and regulators.
“The review has enabled us to understand what information was at risk and what the hacker actually did, and demonstrated that no disruption has occurred to client businesses, to Deloitte’s ability to continue to serve clients, or to consumers.
“We remain deeply committed to ensuring that our cybersecurity defences are best in class, to investing heavily in protecting confidential information and to continually reviewing and enhancing cybersecurity. We will continue to evaluate this matter and take additional steps as required.
“Our review enabled us to determine what the hacker did and what information was at risk as a result. That amount is a very small fraction of the amount that has been suggested.”
It has yet to establish who is behind the attack. The team investigating the hack are believed to be working from the firm’s offices in Rosslyn, Virginia.
The hack comes as a big embarrassment for the company, who was ranked the best cybersecurity consultant in the world.