ACCOUNTANCY OUTFIT Deloitte has fallen victim to a cyberattack that has exposed potentially millions of confidential emails.
The Guardian has the scoop on the attack, which comes just a week after Equifax suffered a data breach that exposed the personal information of 143 million US citizens, and reports that a hacker, or group of hackers, was able to break into Deloitte's systems using an unsecured administrator's account, giving them full access to the company's five million cloud-hosted emails.
Hackers are said to have accessed confidential emails and plans of Deloitte's blue-chip clients, along with usernames, passwords, IP addresses, architectural diagrams for businesses and health information.
Deloitte first learned of the breach in March, according to the Guardian, but its systems could have been vulnerable since October 2016.
The company confirmed to the Guardian that it had been the victim of "a cyber incident", but said that only a small amount of clients have so far been told their accounts were affected by the hack.
According to the report, six of Deloitte's clients - which include some of the world's biggest banks, multinational companies, media enterprises, pharmaceutical firms and government agencies - have been notified.
"In response to a cyber incident, Deloitte implemented its comprehensive security protocol and began an intensive and thorough review including mobilising a team of cybersecurity and confidentiality experts inside and outside of Deloitte," a Deloitte spokesperson said.
"As part of the review, Deloitte has been in contact with the very few clients impacted and notified governmental authorities and regulators.
"The review has enabled us to understand what information was at risk and what the hacker actually did, and demonstrated that no disruption has occurred to client businesses, to Deloitte's ability to continue to serve clients, or to consumers.
"We remain deeply committed to ensuring that our cybersecurity defences are best in class, to investing heavily in protecting confidential information and to continually reviewing and enhancing cybersecurity. We will continue to evaluate this matter and take additional steps as required."
It is not yet known who is responsible for the attack, with the Guardian noting that the firm has yet to establish whether a lone wolf, business rivals or state-sponsored hackers were to blame. µ
The week in Google in brief
Sega hedgehogging its bets
And not a purple duck in sight