Deloitte insists 'very few' clients hit by major cyber attack

Updated: 

Accountancy giant Deloitte has insisted "very few clients" have been impacted by a major cyber attack that saw hackers target the company through its email system.

The professional services firm said on Monday that it had launched an "intensive and thorough review" into the attack, which saw data accessed from an "email platform".

Deloitte said it immediately contacted government authorities after it became aware of the incident, though reports suggest it was months before the breach was detected.

The company said it had also contacted "each of the very few clients impacted".

A spokesman for the company said: "Importantly, the review enabled us to understand precisely what information was at risk and what the hacker actually did, and to determine that only very few clients were impacted (and) no disruption has occurred to client businesses, to Deloitte's ability to continue to serve clients, or to consumers."

Six of its clients have reportedly been notified that their information was hit by the attack. US government departments and companies with big household names were reportedly among the clients that had information in the affected email system, according to The Guardian, which broke the story.

It said hackers probably had access to the firm's global email server through an administrator's account since October or November last year, and could have accessed passwords, usernames, IP addresses and health information.

The Guardian said the breach of the email system was only discovered in March, giving hackers months to access the data.

Deloitte said it has reviewed its email platform.

The company's 250,000 staff reportedly had their emails stored on Microsoft's Azure cloud service, but it is believed to have been a US-focused attack.

A spokesman for the firm said: "Deloitte remains deeply committed to ensuring that its cyber-security defences are best in class, to investing heavily in protecting confidential information and to continually reviewing and enhancing cyber security."