Deloitte data breach exposes clients’ emails and company data. What caused the breach? And how can you prevent it?
About Deloitte
Deloitte is one of the Big Four accountancy companies. They offer auditing, tax, and cybersecurity services.
The company is registered in London, and its headquarters is in New York. In 2016, they had a record of $37 billion in revenue.
Their services are available to the following industries:
- media companies
- pharmaceuticals
- world banks
- international companies
- government agencies
Deloitte data breach
Experts discovered the breach in March 2017, but the hackers had accessed the company’s systems earlier. They believe the access had been going on since October or November 2016.
The breach exposed the emails of Deloitte’s clients, although Deloitte said that only six of its clients were affected.
How Deloitte data breach happened
An administrator’s account was not protected by two-step verification. It required only a single password to sign in.
That account is where the hacker began to access the information. Because it was an admin account, the hacker gained full access to all areas.
The potentially breached data
The emails of clients and employees are stored in Azure’s cloud storage, a service provided by Microsoft that is similar to Google’s cloud platform and Amazon’s web services.
In addition, the hackers had potential access to the following US data:
- usernames
- passwords
- IP addresses
- health and business diagrams
- design details
Deloitte confirmed that only a few of its clients had been affected. However, an estimated total of 5 million emails are in their cloud platform.
They said that these emails are at risk, but they did not elaborate on the matter.
Deloitte’s response to the breach
Deloitte hired security specialists, who are working from their Virginia office. The internal term for this is Windham.
They are trying to trace the hacker’s steps, and they have been reviewing the leaked files for six months.
Still, they do not know whether the hacker is a lone wolf, one of their business rivals, or government hackers.
Deloitte also hired the US law firm Hogan Lovells, whose assignment is to examine the data breach.
Hogan Lovells provides legal advice and assistance to Deloitte and will help them recover from the damage caused by the hack.
Aside from security and law experts, they also contacted government authorities and regulators.
A Deloitte spokesman said that they are applying security protocols and doing intense reviews inside and outside their systems.
The negative impact
The data breach caused embarrassment for Deloitte. Why? Deloitte itself offers security services, yet they were unable to protect their own information.
Deloitte has more than 263,000 employees, and their services are available in more than 150 countries.
They also have a Cyber Intelligence Center, which gives 24/7 operational security to businesses.
It was even ranked as the best security firm in the world. Yet, they were breached.
Conclusion
The data breach began with an account that lacked adequate protection, so we suggest using multi-factor authentication. It is a critical step, especially for administrator accounts.
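One way to check for the gap described above is to audit an account export for privileged accounts that can sign in with a password alone. The script below is an added example, not code from Deloitte or from the original article; the CSV column names, the sample rows and the rule for deciding which roles are privileged are all assumptions made for illustration. It also goes one step further than the article and flags admin accounts that have a second factor enrolled but whose last sign-in used only a password.

```python
import csv
import io

# Constructed sample export (not real data): one row per account.
# Column names are assumptions for this example, not a real product's schema.
SAMPLE_EXPORT = """account,roles,mfa_methods,last_sign_in_factors
alice@example.test,Global Administrator,authenticator_app,password+authenticator_app
svc-mail-admin@example.test,Exchange Administrator,,password
bob@example.test,User,,password
carol@example.test,User;Security Reader,sms,password+sms
dave@example.test,Global Administrator,authenticator_app,password
"""

# Assumption: a role whose name contains one of these markers is privileged.
PRIVILEGED_MARKERS = ("administrator", "admin")


def is_privileged(roles):
    """True if any role name contains a privileged marker."""
    return any(m in r.lower() for r in roles for m in PRIVILEGED_MARKERS)


def audit(export_text):
    """Return (severity, account, reason) findings, most severe first."""
    findings = []
    for row in csv.DictReader(io.StringIO(export_text)):
        roles = [r.strip() for r in row["roles"].split(";") if r.strip()]
        enrolled = [m for m in row["mfa_methods"].split(";") if m.strip()]
        factors = [f for f in row["last_sign_in_factors"].split("+") if f.strip()]
        privileged = is_privileged(roles)
        if not enrolled:
            # The situation the article describes when the account is an admin.
            severity = "critical" if privileged else "medium"
            findings.append((severity, row["account"], "no second factor enrolled"))
        elif privileged and len(factors) < 2:
            # Enrolled, yet the last sign-in succeeded with one factor only.
            findings.append(("high", row["account"],
                             "MFA enrolled but not enforced at sign-in"))
    order = {"critical": 0, "high": 1, "medium": 2}
    return sorted(findings, key=lambda f: (order[f[0]], f[1]))


if __name__ == "__main__":
    for severity, account, reason in audit(SAMPLE_EXPORT):
        print(f"{severity:8} {account:30} {reason}")
```
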