Hackers breach Deloitte’s email system, compromise client data
Yet another data breach at a major company has come to light.
In a statement released this morning, global accounting giant Deloitte LLP revealed that hackers had compromised its internal email system. A report in The Guardian cited sources familiar with the matter as saying that the deployment held approximately 5 million messages. The tipsters claim that some of them contained passwords, diagrams and other confidential information belonging to the company’s clients.
Yet despite the scope of the breach, Deloitte said that “very few” customers were impacted. The Guardian’s sources claim the company has notified six organizations that their information had been compromised as part of the hack.
The attack seems to have exploited a poorly secured administrator’s account. In particular, Deloitte reportedly neglected to require the affected staffer to use multifactor authentication.
“Judging by the lack of multifactor authentication, it’s very likely that the brute force attack took place via web access to the email server,” commented Fleming Shi, senior vice president of technology at Barracuda Networks Inc. In other words, the attackers may have simply remotely guessed the email administrator’s password.
Given the compromised account’s weak security and the sheer amount of data on the line, Deloitte may have gotten off easy. This is especially true in light of the fact that the company apparently took quite some time to detect the breach. According to the sources who shared the details of the incident, the hackers may have had access to the email system as early as October 2016.
With that said, the data that did get impacted by the breach could still pose a major problem. Deloitte works with many of the world’s largest corporations as well as numerous government agencies in the U.S. Plus, the attack may eventually turn out to be wider in scope than initially thought.
Deloitte said that it has brought the relevant authorities into the loop. The revelation of the breach comes only a few weeks after word got out that attackers had hacked credit reporting agency Equifax Inc. and stolen the personal information of 143 million consumers.