Hackers have reportedly breached Deloitte’s global email server and gained unrestricted access to the company’s several high-profile blue-chip technology firms staff email ID, passwords, sensitive security details and more.
Deloitte, one of the top four globally-acclaimed professional accountancy firms, has fallen victim to a cyber attack that has left emails, personal details and other data of several high-profile clients — including blue-chip technology companies — compromised.
Though the company is said to have noticed the breach in the firewall security in March, rumours are rife that it got hacked several months ago — around October-November 2016, reported the Guardian.
UK-based Deloitte operates from its New York city headquarters and is said to be the epicentre of the cyber attack.
Oh, the irony! Deloitte, which proclaims to offer top-class “Information Security” advisory services to its clients, used to have an outdated single-step password authentication to access its global email server, against more robust and secured standard of two-step verification.
It has come to light that the hackers compromised the administrator’s account and got unrestricted access to more than 244,000 Deloitte staff and clients’ usernames, passwords, IP addresses, architectural diagrams for businesses and health information.
Some emails had attachments with sensitive security and design details, the Guardian added.
So far, six of the clients are confirmed to be affected by the security breach. Deloitte has apprised them about the ground situation.
The company’s newly-formed security team is working from its branch office Rosslyn, Virginia and has already initiated the internal investigation code-named Windham.
They are reportedly using reverse-engineering to trace the pathway the hackers used to enter and exit Deloitte’s main email server.
This is a developing story. Stay tuned. Follow us @IBTimesIN_Tech on Twitter for latest updates on Deloitte security breach.