The major accounting firm Deloitte has been hit by a cyberattack which compromised a number of client emails. Deloitte reportedly discovered the breach this March, though hackers may have had access to the information since late last year.
The “sophisticated” hack compromised emails and plans of some of the firm’s “blue-chip clients,” according to The Guardian. Those clients may include banks, pharmaceutical firms, media enterprises, other multinational companies, and even government agencies.
The report claims that six Deloitte clients thus far have been informed that their information was “impacted,” and that the breach was “U.S.-focused” with highly sensitive information involved. An internal investigation is still ongoing.
Deloitte is considered one of the “big four” accounting firms in the world, along with Ernst & Young, PricewaterhouseCoopers, and KPMG. Just a few weeks ago, Deloitte announced a record in annual revenue, of $38.8 billion. The firm provides audit consulting, financial advisory, risk management, and tax related services to thousands of companies. Deloitte employs more than 263,000 people worldwide.
The Guardian claims the firm’s administrator account was breached, which could have theoretically given the hacker unrestricted “access to all areas.” Sources said the account was protected by a single password, and lacked “two-step” verification.
Deloitte confirmed the breach but said that only a few clients were actually affected. This breach follows the massive Equifax breach which was announced a few weeks ago — while the Deloitte hack is dealing with large companies, the Equifax breach may have affected 143 million U.S. adults.
While it’s too early to tell how much of a widespread effect the Deloitte hack will have, there’s a lesson here for everyone: turn on “two-step” verification on your sensitive accounts, if available. These two-step processes vary depending on what service you use, but this will give you an extra layer of security. For more simple protections online, read our article about Five Simple Ways To Improve Your Cybersecurity.