By Tara Seals
Accountancy giant Deloitte has been the victim of a cyber-attack that has compromised its global clients’ confidential emails and intellectual property.
The attack went unnoticed for months, sources said, and has impacted some of the largest organizations in the world, including multinational banks and media companies, Big Pharma and government entities.
Sources told the Guardian that the compromise was the result of privileged access: The attackers made their way into the company’s global email server by way of a hacked administrator account (that lacked two-factor authentication), sometime last October or November, and stayed there, collecting info on blue-chip clients, until Deloitte discovered the breach in March 2017.
The sources said that the attackers had access to around 5 million emails sent to and from Deloitte’s 244,000 staff during the time period, and that they were able to capture user names, passwords and in some cases intellectual property from email attachments, like architectural diagrams.