Only weeks after credit-monitoring giant Equifax announced a hack of historic proportions, another firm that handles customers’ financial information has provided details about a breach they experienced.
Deloitte, a global accounting firm, announced on Monday that it had fallen victim to a cyberattack. The company said the attack had only affected a small number of clients, and limited information on the hack is available at this time.
The company released a statement, detailing the process the hackers used. More details may develop over time, but initial reports say the hack occurred from the company’s email platform. The attack seemed to have a pattern. The hackers targeted the firm’s operations in the U.S., and it seems the hacks could’ve been going on since last year.
All information suggests that the company released information about the hack as soon as they discovered it. This is in contrast to Equifax’s decision to wait before disclosing information about their massive breach, a move which brought even more controversy to the high-profile incident.
Legislators in the U.S. suggested numerous courses of action following the massive Equifax breach. Free credit freezing was among the ideas, as was a minimum timeframe for companies to inform clients of a breach.
Equifax’s breach could end up affecting millions of people. Deloitte says their customers include around 400 of the Fortune 500, and the attack is a concerning one even if all their clients weren’t affected.
The hack represents a growing problem that has everyone from cyber-security experts to lawmakers weighing in on how to protect sensitive data in the digital age. Companies with data like bank information and credit card numbers on file are a major target for data thieves. As hacks like these have proved, even the smallest vulnerability can be exploited, and even the smallest exploit can create catastrophic problems.
Shane Shook, a consultant who helps investigate cyberattacks on financial firms said: “These are targeted attacks on financial opportunity. This trend is going to continue to grow.”
The firm contacted government authorities when they learned of the attack. The organization is no stranger to cyber security. While their primary business sees them providing accounting, consulting, and auditing services, they also run a cyber security company on the side. Their primary business is considered a “Big Four” firm.
The company said they’d implemented a comprehensive security protocol after alerting the authorities. It is believed that none of their clients experienced disruptions as a result of the breach, but they’ve noted any type of data leak is a major incident.
While Deloitte’s breach did not affect as many people yet, experts are saying that it is too early to see just how prominent the attack was. It is possible that hackers obtained information from the company but haven’t used it at this time.
Even a company with experience in cyber security was caught off guard by this breach, making it a new victim in a growing phenomenon. No further comments have been released from the company or from investigators.