Global accounting firm Deloitte reveals cyber attack affecting data of small number of clients

26 Sep 2017

Global accounting firm Deloitte yesterday said it was the victim of a cyber attack that affected the data of a small number of clients, but offered few details on the breach.

The company said in a statement that attackers accessed data from the company's email platform, and confirmed some details in a report by The Guardian newspaper, which broke news of the hack yesterday.

The attack that appeared to target the firm's US operations, was discovered in March and could have been ongoing since October 2016, according to The Guardian. But the company's statement was silent about those details.

The breach at Deloitte, which claims its clients include 80 per cent of the Fortune 500, comes as the latest in a series of breaches involving organisations that handle sensitive financial data that have alarmed lawmakers regulators and consumers.

This month has seen the US Securities and Exchange Commission, Wall Street's top regulator and Equifax Inc, one of the largest credit-monitoring bureaus, report breaches that put at risk confidential filings and sensitive personal data.

''These are targeted attacks on financial opportunity,'' said Shane Shook, an independent consultant who helps financial firms investigate cyber attacks, Reuters reported. ''This trend is going to continue to grow.''

Deloitte claimed to have contacted "governmental authorities immediately after it became aware of the incident .... No disruption has occurred to client businesses, to Deloitte's ability to continue to serve clients, or to consumers."

Deloitte, which is one of the "big four" accounting firms, offering audit, tax and advisory services to large global corporations, reported global revenue of nearly $39 billion in its latest fiscal year, and risk advisory was one of its fastest growing business segments.

According to commentators, the cyberattack is especially embarrassing for a firm that prides itself on helping other companies thwart online cyber attacks.

The company's website boasts that its "Cyber Intelligence Centre integrates state-of-the-art technology with industry insight to provide round-the-clock business-focused operational security [to clients]."