Deloitte, is a multinational professional services firm with operational headquarters in New York City in the USA. It is one of the large 4 accounting firms and the biggest professional services network in the world by income and number of professionals.
Deloitte has confirmed that the organization had suffered a cyber attack that ended with the stealing of confidential data, containing the private emails and documents of some of its clients.
The attackers were able to compromise the company’s global email server through an administrator’s account that, theoretically, gave them privileged, unrestricted access to all parts. The account needed only a single password and did not have “two-step“ authentication.
According to the company:
“In response to a cyber incident, Deloitte implemented its comprehensive security protocol and began an intensive and thorough review including mobilising a team of cybersecurity and confidentiality experts inside and outside of Deloitte,”
“As part of the review, Deloitte has been in contact with the very few clients impacted and notified governmental authorities and regulators.”
ِِAlthough all main organizations are targeted by attackers, the hack is a deep embarrassment for Deloitte, which allows potential clients advice on how to handle the risks posed by sophisticated cyber security attacks.