Corporate finance giant Deloitte suffered a cyber-attack that compromised confidential data, including the private emails of some of its clients, the company has confirmed.
Its system had been accessed via an email platform and “very few” clients had been affected, Deloitte said.
The Guardian reported the attack had been discovered in March but could have happened months earlier.
Deloitte said it had contacted those whose data had been accessed.
It did not confirm exactly how many people had been affected or how much information had been compromised.
Deloitte carries out auditing, consultancy, tax and financial advice services for clients worldwide.
For the year ending on 31 May, it reported revenues of $38.8bn (£29bn).
Prof Alan Woodward, cyber-security expert at Surrey University, told the BBC that private email addresses alone were valuable data for hackers.
“Many people expect their email address to be in the public domain,” he said.
“But what most people have done when dealing with confidential matters is they have a second address – and it looks like it is that one that may have been let out here.
“Is it immediately going to mean people’s data will be breached? Not really – but the secondary, more confidential email addresses mean phishing can become much more sophisticated.”
Phishing is an attempt by criminals to get valuable information, such as banking login details, by sending emails that appear to come from an official source.
It is more likely to succeed if it is sent to an address that regularly receives correspondence from the real organization.
Deloitte said it had reviewed the email platform accessed and had determined there had been “no disruption” to the work of its clients.
However, Tony Pepper, chief executive of data security company Egress, said that compromised email servers could be full of sensitive information.
“This is why multi-factor access control such as two-factor authentication is important, especially for administrators,” he said.
“It makes it much harder to gain illicit access in the first place, and provides a warning if someone is trying to log in without your knowledge.”
Two-factor authentication involves providing extra information before logging in – for example, an access code sent by text message.