Deloitte launched investigation into a cyber attack that hit its email system.
The accounting firm said in a statement Monday the breach had affected “very few clients” and that government authorities were notified.
The Guardian newspaper reported Monday that the breached system had information from a range of clients, including US government departments and large firms.
Deloitte said in a blog post: “No disruption occurred to client businesses, to Deloitte’s ability to continue to serve clients, or to consumers.”
“It is deeply committed to ensuring that its cyber security defences are best in class, to investing heavily in protecting confidential information and to continually reviewing and enhancing cyber security.”
According to Gadgets360, hackers gained access through an administrator’s account.
Ilia Kolochenko, CEO of web security company, High-Tech Bridge, added: “At the moment, the scope of the breach is very obscure, same as its consequences that may vary from ‘none’ to a chain of disastrous attacks against FTSE 500 companies.
One thing is certain however – the Big Four, as well as any other reputable cybersecurity companies, have become a very attractive target for cybercriminals. Cybersecurity consultants usually have their customers’ ‘crown jewels, sometimes unencrypted or otherwise under protected.
Frequently, rapid business growth outshines internal security requirements in our industry, and it may be the Achilles’ heel even of the most secure companies in the world.
Third-party risk assessment and vendor management should become an obligatory security control in all large organisations. Cybersecurity companies should also continuously enhance their internal security and privacy policies, processes and procedures.”
Written by Leah Alger