Hackers Breached Emails, Client Data Stored In Microsoft Azure Cloud Service
The “big four” accounting firm, based in New York, suffered a breach last year that may have exposed 5 million internal emails as well as “usernames, passwords, IP addresses, architectural diagrams for businesses and health information,” the Guardian first reported. Some exposed emails may have also contained attachments with sensitive or security-related details, according to the news report.
Deloitte discovered it had been breached in March, and it believes the breach began in October or November of last year, the Guardian reports. On April 27, Deloitte hired the U.S. law firm Hogan Lovells on “special assignment” to investigate the suspected breach.
The global accounting firm did not immediately respond to Information Security Media Group’s request for comment. But it confirmed the breach to the Guardian, claiming that only “a very small fraction of the amount that has been suggested” of exposed data was at risk and that only a small number of customers had been “impacted.”
Deloitte had $38.8 billion in revenue for its most recent fiscal year.
“In response to a cyber incident, Deloitte implemented its comprehensive security protocol and began an intensive and thorough review including mobilizing a team of cybersecurity and confidentiality experts inside and outside of Deloitte,” a spokesman tells the Guardian. “As part of the review, Deloitte has been in contact with the very few clients impacted and notified governmental authorities and regulators.”
Deloitte did not specify which government authorities or regulators it informed.