Skip to main content

Hackers Infiltrate Deloitte Accounting Firm

By October 9, 2017June 22nd, 2022Cybersecurity

Deloitte is not exactly a household name. In fact, unless you use the company’s services, you may not have ever heard of them, even though they’re one of the largest accounting firms in the world.

The company has the distinction of having been named the best cybersecurity consultant company in the world in 2012, and yet, even with that distinction, the company fell victim to a hacking attack that saw their core systems breached.

Company officials became aware of the breach in March, but took great pains to keep their investigation, and details into the matter a closely guarded secret as they monitored the activity of the hackers and worked quietly to solve the problem.

That investigation revealed that the hackers were able to gain access to the company’s data via an email server, all because the admin whose account was compromised had failed to use two-factor authentication, meaning all the hackers had to do to gain access was to acquire a single password. They did so, and the rest is, as they say, history.

Over the span of months that the hacker was active, he was able to gain access to a broad spectrum of information relating to a number of the company’s larger clients, including user names, passwords, IP addresses, health information and architectural diagrams.

So far, six of Deloitte’s clients have been informed of the breach and the potential impact to them. In one of the few public statements made about the matter, a company spokesman reported the following:

• A comprehensive security review has been performed and completed, utilizing assets both inside the company and from third party vendors
• All impacted clients and the appropriate government officials have been contacted
• No disruption to any client’s business has occurred as a result of the breach

As you can see, then, the company has opted for a tight-lipped approach when it comes to releasing details about the breach. This may well work in their specific case, but it is probably not a model to base your own company’s response on in the aftermath of a successful hacking attack.

Chris Forte

Chris Forte, President and CEO of Olmec Systems, has been in the MSP workspace for the past 25 years. Chris earned his Master’s Degree from West Virginia University, graduating Magna Cum Laude. He was a past member of the Entrepreneurs’ Organization, a current member of the New Jersey Power Partners and Executive Association of New Jersey, where he has previously served on its board of directors. In his spare time, Chris enjoys traveling with his family. He also admits to being a struggling golfer and avid watcher of college football and basketball. He currently lives in Boonton Township, NJ with his wife, two daughters, son, and black lab Luna.