Deloitte was breached last year, but investigators didn’t find out until March

The breach was due to actors gaining access to a privileged account that was not guarded by two-factor authentication.

Deloitte, one of the world’s largest accounting firms, was breached late last year. The incident caused some confidential emails, business plans, usernames and passwords belonging to U.S. companies and governmental agencies to be compromised.

The breach was reportedly focused on Deloitte’s U.S. business, which is headquartered in New York City. Although hackers are thought to have penetrated a company network around October or November 2016, the intrusion was not detected until March.

Deloitte brought in roughly $38 billion in revenue last fiscal year by selling financial consulting, accounting and cybersecurity services to government organizations and Fortune 500 corporations.

The breach was first reported by The Guardian.


In an email sent to CyberScoop, a Deloitte spokesperson confirmed that the reported breach had in fact occurred, but said that only a small number of clients were ultimately affected. Questions related specifically to when the incident originally happened or had been remediated were not answered.

Deloitte’s response to the issue included, according to the spokesperson, implementing a “comprehensive security protocol and initiating an intensive and thorough review which included mobilizing a team of cybersecurity and confidentiality experts inside and outside of Deloitte.”

The Guardian reported, citing an unnamed source, that the incident stemmed from a hacker breaking into the firm’s global email server by apparently taking control of an administrator-level account, which provided unrestricted access. This account was not protected with two-step verification, according to The Guardian, allowing the attacker to attempt multiple logins without the user ever becoming aware.

The email server in question reportedly stored emails sent to and from Deloitte’s 244,000 employees.

An investigation into the breach has been ongoing for at least six months, The Guardian reported.

Written by Chris Bing

Christopher J. Bing is a cybersecurity reporter for CyberScoop. He has written about security, technology and policy for the American City Business Journals, DC Inno, International Policy Digest and The Daily Caller. Chris became interested in journalism as a result of growing up in Venezuela and watching the country shift from a democracy to a dictatorship between 1991 and 2009. Chris is an alumnus of St. Mary's College of Maryland, a small liberal arts school based in Southern Maryland. He's a fan of Premier League football, authentic Laotian food and his dog, Sam.
