Slashdot Mirror

← Back to Stories (view on slashdot.org)

Deloitte Hit By Cyber-attack Revealing Clients' Secret Emails (theguardian.com)

Posted by msmash on from the security-woes dept.

Accounting firm Deloitte confirmed on Monday it had suffered a cyberattack. From a report: One of the world's "big four" accountancy firms has been targeted by a sophisticated hack that compromised the confidential emails and plans of some of its blue-chip clients, the Guardian can reveal (the company has since confirmed the breach). Deloitte, which is registered in London and has its global headquarters in New York, was the victim of a cybersecurity attack that went unnoticed for months. One of the largest private firms in the US, which reported a record $37bn revenue last year, Deloitte provides auditing, tax consultancy and high-end cybersecurity advice to some of the world's biggest banks, multinational companies, media enterprises, pharmaceutical firms and government agencies. The Guardian understands Deloitte clients across all of these sectors had material in the company email system that was breached. The companies include household names as well as US government departments

3 of 49 comments (clear)

  1. Cyberpocalypse? by mschwanke97402 · · Score: 4, Insightful

    I think we are rapidly approaching the day when the fun and games of the free, open Internet, with every last gadget, device, appliance, phone, tablet, laptop, pc and server all being on that very same Internet.

    Why there would need to be direct access from the public Internet to some of the data we've seen compromised recently is beyond me. Cheap bastards in the C-Suites? I get that if I want to see my account in an online banking web site that the web server I access is going to be connected to the public Internet but why wouldn't the back-end, such as the customer database be on a separate network with tightly controlled access from the public facing web servers to the back-end databases. It shouldn't be possible to connect from the public Internet via some exploit in the public-facing web server and then just dump the contents of all the back-end database servers.

    Am I just being naive here? Are going to end up requiring all connected devices have licenses/permits?

  2. Wrong headline by Alain+Williams · · Score: 5, Insightful

    The wording was about ''cyber-attack'' which sets the tone ''Oh, unfortunate Deloitte'' - where as it should have been something like ''Deloitte is the latest incompetent company to spew client information over the Internet''.

    It is about time that these crappy companies were called out for what they are. Oh: put the CEO's head on the block for this: make him pay for what this costs customers out of his own pocket - if it is paid for by Deloitte (or their insurers) then nothing will ever change.

  3. First, they came for the billionaires... by PopeRatzo · · Score: 3, Insightful

    I'm pretty sure the world would be a better place if the secret emails of Deloitte's "blue chip" clients were made public.

    --
    You are welcome on my lawn.