The group said that very few clients were affected after the their data was accessed

September 25, 2017 – Financial Times

Deloitte has confirmed that hackers accessed data on an email platform, forcing the ‘big four’ accounting firm to contact clients potentially affected by the cyber attack as well as government authorities.

The breach, described by Deloitte as a “cyber incident” and first reported by the Guardian newspaper, will come as a blow to the firm, which cites the cyber security advice it provides to large companies as one of its fastest-growing revenue streams.

Deloitte, which audits large multinational companies including GlaxoSmithKline, BAE and BP, did not give many details about the nature of the attack except for confirming that the hackers accessed an email platform.

The accounting firm, which this month posted record global revenues of $39bn, said in a statement that the cyber breach had affected “only very few clients” and that “no disruption had occurred to client businesses, to Deloitte’s ability to continue to service clients, or to consumers”.

Deloitte added that its response to the cyber incident included mobilising a team of cyber security and confidentiality experts inside and outside of the company, alerting government authorities immediately after it became aware of the incident and contacting all of the clients affected.

It said: “Deloitte remains deeply committed to ensuring that its cyber security defences are best in class, to investing heavily in protecting confidential information and to continually reviewing and enhancing cyber security.”

In its latest annual results, Deloitte described cyber analytics as a “high growth area” for the firm, adding that it had developed a global network of so-called “Cyber Intelligence Centres” to help clients “proactively detect, respond and recover from security events to become secure, vigilant and resilient”.

Deloitte also provides services to several large UK government departments and related entities, including the Department of Defence, the NHS and the BBC, according to Tussell, a data provider.

Since 2015, Deloitte has won contracts to provide cyber security advice to the Crown Commercial Service, an agency linked to the Cabinet Office, and The Thirteen Group, a housing developer.

The Deloitte breach has again demonstrated how vulnerable large professional services firms are to cyber attacks.