Big Four accounting giant and cybersecurity consultancy Deloitte has suffered a data breach that, ironically enough, may have resulted from the firm’s failure to follow its own security advice to clients.
The Guardian on Monday reported that an intrusion at Deloitte between October and November last year exposed emails containing highly sensitive data belonging to an unknown number of large US companies and government organizations.
The intrusion, which Deloitte did not discover until March 2017, apparently stemmed from the company’s failure to use two-factor authentication to protect a critical administrator account — something that it advocates as a best practice for clients. Attackers used the account to get privileged and unrestricted access to Deloitte’s entire Azure-hosted email system.