SecureWorld reached out to Deloitte about reports of a hack that may have exposed secret client emails.
Although there was no statement on the company's global or U.S. blogs about the hack, we did get an eyeful regarding Deloitte's record earnings.
So here's what we know about a hack on Deloitte after reaching out to the company:
The hack was discovered earlier this year and came to light on September 25, 2017, after word got out.
How did the Deloitte hacker get in?
In a statement to SecureWorld, the company says the attacker accessed data from an email platform and that a review of that platform is now complete. It is downplaying the impact here:
"Importantly, the review enabled us to understand precisely what information was at risk and what the hacker actually did and to determine that:
- Only very few clients were impacted
- No disruption has occurred to client businesses, to Deloitte’s ability to continue to serve clients, or to consumers
"Deloitte remains deeply committed to ensuring that its cyber-security defenses are best in class, to investing heavily in protecting confidential information and to continually reviewing and enhancing cyber-security.”
The company is also playing up the steps taken after the hack, telling SecureWorld, in bullet points, it did the following:
- Implementing its (Deloitte's) comprehensive security protocol and initiating an intensive and thorough review which included mobilizing a team of cybersecurity and confidentiality experts inside and outside of Deloitte;
- Contacting governmental authorities immediately after it became aware of the incident; and,
- Contacting each of the very few clients impacted
Was the U.S. government one of the clients impacted?
Deloitte isn't saying which clients were impacted, however, a report just out says a government agency might have been one of the victims here. The Department of Homeland Security, which collects breach and hack reports from other agencies, has stayed quiet on this for now.
There is more to come on this story. For the latest developments and original stories around cybersecurity, follow SecureWorld on LinkedIn, Twitter, or Facebook.
