Global accounting firm Deloitte hit by major cyberattack, reveals client emails

Deloitte cyberattack: Secret emails and plans from blue-chip companies at risk in widespread hack

Deloitte cyberattack: Secret emails and plans from blue-chip companies at risk in widespread hack

The account itself was protected with a single password and did not have multi-factor authentication setup, The Guardian reported.

The firm, which provides auditing, tax advice and consultancy to multinationals and governments, did not say when the attack occurred or how its defences had been breached.

The Guardian understands Deloitte discovered the hack in March this year, but it is believed the attackers may have had access to its systems since October or November 2016. Only senior partners and lawyers were informed when the breach was noticed in March after an outside law firm was brought in to investigate "a possible cybersecurity incident". Headquartered in NY, it reported a record $37 billion in revenue past year.

The company's website boasts that its "Cyber Intelligence Centre integrates state-of-the-art technology with industry insight to provide round-the-clock business-focused operational security [to clients]".

One of the largest private firms in the United States, which reported a record $37bn revenue a year ago, Deloitte provides auditing, tax consultancy and high-end cybersecurity advice to some of the world's biggest banks, multinational companies, media enterprises, pharmaceutical firms and government agencies.

Six of Deloitte's clients have so far been told their information was "impacted" by the breach, according to The Guardian, and a Deloitte spokesperson told Computer Weekly that "very few" clients had been affected.

The firm said it contacted government authorities immediately after it became aware of the incident, and it had contacted each client that had been affected.

Deloitte confirmed that the attackers had accessed data from an email platform and that a review of that platform was complete.

Equifax announced this month that there was an incident in which hackers were able to gain access to personal information for about 143 million Americans, along with a large number of Canadian and British individuals.

Two-factor authentication requires a second level of authentication above and beyond a password - usually a code sent to a user's mobile phone, to ensure the person accessing the account is the intended user. Deloitte said the number of emails that were at risk was a fraction of this number but declined to elaborate. "They work with some of the biggest organizations on Earth, at the very highest level, which is like a red rag to a bull for hackers".