Deloitte hit by cyber-attack revealing clients’ secret emails | CIO | Scoop.it
Exclusive: hackers may have accessed usernames, passwords and personal details of top accountancy firm’s blue-chip clients

 

We remain deeply committed to ensuring that our cybersecurity defences are best in class, to investing heavily in protecting confidential information and to continually reviewing and enhancing cybersecurity.

 

The hacker compromised the firm’s global email server through an “administrator’s account” that, in theory, gave them privileged, unrestricted “access to all areas”.

 

The account required only a single password and did not have “two-step“ verification, sources said.

 

Emails to and from Deloitte’s 244,000 staff were stored in the Azure cloud service, which was provided by Microsoft.

 

Deloitte discovered the hack in March this year, but it is believed the attackers may have had access to its systems since October or November 2016.