UPDATED 15:23 EDT / SEPTEMBER 25 2017

INFRA

Hackers breach Deloitte’s email system, compromise client data

Yet another data breach at a major company has come to light.

In a statement released this morning, global accounting giant Deloitte LLP revealed that hackers had compromised its internal email system. A report in The Guardian cited sources familiar with the matter as saying that the deployment held approximately 5 million messages. The tipsters claim that some of them contained passwords, diagrams and other confidential information belonging to the company’s clients.

Yet despite the scope of the breach, Deloitte said that “very few” customers were impacted. The Guardian’s sources claim the company has notified six organizations that their information had been compromised as part of the hack.

The attack seems to have exploited a poorly secured administrator’s account. In particular, Deloitte reportedly neglected to require the affected staffer to use multifactor authentication. 

“Judging by the lack of multifactor authentication, it’s very likely that the brute force attack took place via web access to the email server,” commented Fleming Shi, senior vice president of technology at Barracuda Networks Inc. In other words, the attackers may have simply remotely guessed the email administrator’s password.

Given the compromised account’s weak security and the sheer amount of data on the line, Deloitte may have gotten off easy. This is especially true in light of the fact that the company apparently took quite some to detect the breach. According to the sources who shared  the details of the incident, the hackers may have had access to the email system as early as October 2016.

With that said, the data that did get impacted by the breach could still pose a major problem. Deloitte works with many of the world’s largest corporations as well as numerous government agencies in the U.S. Plus, the attack may eventually turn out to be wider in scope than initially thought.

Deloitte said that it has brought the relevant authorities into the loop. The revelation of the breach comes only a few weeks after word got out that attackers have hacked credit reporting agency Equifax Inc. and stolen the personal information of 143 million consumers.

Image: Pixabay

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU