Deloitte’s cloud server emails hacked

Another hack rocked the world when Deloitte announced that it had been compromised in an attack about a year ago.

Initially, Deloitte reported that only six of its clients had been impacted, and that it was confident it knew what data had been taken. But new information has been released that suggests upward of 350 of Deloitte’s clients have been impacted and sensitive emails contained on its servers compromised.

Emails from four U.S. departments – state, energy, homeland security and defense – as well as from the postal service were compromised.

On top of those, many major companies were hit: Fannie Mae and Freddie Mac, FIFA, four global banks, three airlines, two multinational car manufacturers, energy giants and big pharmaceutical companies had their stored emails compromised.

The hackers used an administrator’s account to access the entire email database, including access to usernames, passwords, IP addresses and health information of users. The admin account was lacking the added protection of 2-factored authentication.

Some of the emails had special security privileged attachments as well. Deloitte joins a large number of headline hitting breaches that have been exposed in the past month.

The irony is Deloitte frequently advises companies on better cybersecurity practices and offers various consulting products.