The global accountancy firm Deloitte said Monday it was the victim of a hack that targeted its email system.
The cybersecurity breach, which was first reported by The Guardian newspaper on Monday, impacted “only very few clients,” Deloitte said in an emailed statement.
The firm said it contacted “governmental authorities immediately after it became aware of the incident …. No disruption has occurred to client businesses, to Deloitte’s ability to continue to serve clients, or to consumers.”
Deloitte is one of the “big four” accounting firms, offering audit, tax and advisory services to large global corporations. It reported global revenue of nearly $39 billion in its latest fiscal year, and risk advisory was one of its fastest growing business segments. It’s competitors include PwC, EY and KPMG.
The Guardian reported Monday that the hack compromised “confidential emails and plans of some of its blue-chip clients,” but the breach went unnoticed for months. It reported that six clients were told their information was “impacted.”
Deloitte did not provide further information about when the breach happened or how many emails were accessed.
This is especially embarrassing for a firm that prides itself on helping other companies thwart online cybersecurity attacks.
The company’s website boasts that its “Cyber Intelligence Centre integrates state-of-the-art technology with industry insight to provide round-the-clock business-focused operational security [to clients].”
Deloitte is just the latest firm to fall victim to a high-profile cybersecurity breach.
Equifax announced this month that there was an incident in which hackers were able to gain access to personal information for about 143 million Americans, along with a large number of Canadian and British individuals.
This spurred the FBI and the U.S. Federal Trade Commission to launch investigations. At least 50 class action lawsuits have been filed against the company.
Even the U.S. Securities and Exchange Commission was recently hacked.
The financial regulatory agency said its network was hacked last year, possibly allowing intruders to make money by seeing crucial financial information before everyone else.
SEC officials said the problem that made them vulnerable to the hack was quickly discovered and fixed. But it “resulted in access to nonpublic information” that “may have provided the basis for illicit gain through trading.” An investigation is under way.
–Chris Liakos contributed to this report.