The Deloitte data breach is one ironic data breach. Why? Because the company was recognized in 2012 as the best cybersecurity consultant in the world. However, even this company didn’t escape from hackers. Let’s find out in this article the reason behind it.
Deloitte Touche Tohmatsu Ltd.
That is the full name of the company. Deloitte belongs to one of the world’s “big four” accounting firms. However, even the company that huge ran short of protecting itself from a data breach. Hackers used complex methods to compromise the confidential email and plans of some of its blue-chip clients.
Deloitte registered in London and now has its global headquarters in New York, U.S.A. It took at least four months before the company noticed the breach. Furthermore, what made this breach more embarrassing is the company reported $37B revenue in 2016. Moreover, the company provides consultancy in taxes, auditing – and ironically speaking, in cybersecurity.
No Two-Step Verification Spelled The Deloitte Data Breach
Deloitte discovered the breach in March 2017. But, The Guardian believes that hackers accessed the company’s systems since October/November 2016. The hackers hacked an administrator’s account. Afterward, this gave hackers privileged and unrestricted areas in all areas.
The Guardian reported that the administrator’s account the hackers broke into didn’t have two-step verification. In sum, it only required a single password.
Two-step verification involves both entering your password and entering a code sent to your phone. First, you sign in with your email and password. Afterward, the system sends a passcode to your phone.
Thus, hackers need both your passwords and a way to read your texts to access your account. This is an effective method of securing your account. Yet, Deloitte didn’t have this feature enabled on the administrator’s account.
The Effects Brought By Deloitte Data Breach
Azure stored 240,000 emails involving Deloitte’s staff. Microsoft provides the cloud service Azure. It is equivalent to Amazon Web Service and Google’s Cloud platform.
Moreover, the hackers potentially accessed login details besides emails. Furthermore, hackers accessed IP addresses and architectural diagrams for businesses. Also, the hackers possibly gained access to health information. Additionally, some emails had attachments with sensitive security and design details.
Deloitte Data Breach Secluded
The breach is believed to have been US-focused and was regarded as so sensitive that only a handful of Deloitte’s most senior partners and lawyers were informed.
Investigation
Specialists analyze the electronic trail of made searches. This may result in specialists figuring out where the hackers went.
According to The Guardian, the investigation team works out of the firm’s offices in Rosslyn, Virginia. Analysts review the compromised documents for six months. Moreover, they have not concluded yet about the incident. That is whether a single hacker, business rival, or state-sponsored hackers was responsible for the incident.
This is not only the incident where a huge company experienced a data breach. For instance, Equifax admitted in September 2017 that hackers compromised the personal data of 143 million US customers back in May.
Rate this post: