Deloitte Details
Deloitte
New York, New York • employees • Legal & Professional Services
Industry
Legal & Professional Services
Security Incidents
2
Deloitte Touche Tohmatsu Limited, commonly referred to as Deloitte, is a British multinational professional services network. Deloitte is the largest professional services network by revenue and number of employees in the world and is considered one of the Big Four accounting firms, along with EY, KPMG, and PwC.
Security Incidents
Deloitte Breach of Sep 2024
The stolen data reportedly includes email addresses, communications between intranet users, and internal server settings. This data has been made available for download to active users of the forum or those who purchase credits.
Deloitte has acknowledged the...
Show more
Taking into account the limited scope of the breach and Deloitte's quick mitigation, this incident scores a "Low to Moderate" severity level, a 4 on the scale.
The stolen data was made available on the BreachForums cybercrime forum to users who are active or have purchased credits. Despite the claims, Deloitte has confirmed the breach but insists that there is no threat to client data or other sensitive data. The firm has characterized the impact as lim...
Show more
Severity Score
Low to Moderate
Type
Data BreachSummary
A recent incident involved the theft of data from an internet-exposed Apache Solr server allegedly belonging to Deloitte. The hacker, known as IntelBroker, announced on the BreachForums cybercrime forum that they had obtained "internal communications" from Deloitte by exploiting the server, which was accessible using default credentials.The stolen data reportedly includes email addresses, communications between intranet users, and internal server settings. This data has been made available for download to active users of the forum or those who purchase credits.
Deloitte has acknowledged the...
Show more
Severity
A hacker known as IntelBroker announced the theft of data from an improperly protected Apache Solr server belonging to Deloitte. The server was accessible with default credentials, and the stolen data includes email addresses, internal communications, and internal settings. Deloitte confirmed the breach but stated the impact was limited and no client or sensitive data was compromised.Taking into account the limited scope of the breach and Deloitte's quick mitigation, this incident scores a "Low to Moderate" severity level, a 4 on the scale.
Impact
The incident involving Deloitte was a data breach resulting from an improperly protected Apache Solr server that was accessible with default credentials. The hacker known as IntelBroker claims to have obtained internal communications, email addresses, and intranet communication data from this server.The stolen data was made available on the BreachForums cybercrime forum to users who are active or have purchased credits. Despite the claims, Deloitte has confirmed the breach but insists that there is no threat to client data or other sensitive data. The firm has characterized the impact as lim...
Show more
Deloitte Breach of Sep 2017
Show more
Severity Score
Low
Type
Data BreachSummary
In September 2017, Deloitte, one of the world's largest accounting firms, experienced a significant security breach. The breach was orchestrated by an unknown threat actor who gained access to Deloitte's email system through an administrative account that lacked two-factor authentication. This unauthorized access potentially exposed confidential emails and plans of some of Deloitte's blue-chip clients. The breach reportedly compromised sensitive information, including usernames, passwords, IP addresses, architectural diagrams for businesses, and health information. Deloitte's internal investig...Show more
Severity
The severity of the Deloitte cyber security incident in September 2017 was significant as it compromised confidential data, including private emails of some individuals. The breach highlighted vulnerabilities in Deloitte's security measures and raised concerns about the protection of sensitive information.Impact
The breach impacted Deloitte's reputation as a corporate finance giant and raised questions about the security of client data. It also led to an intensive review by Deloitte to assess the scope of the incident and determine the potential impact on clients and stakeholders.KEEP YOUR ENVIRONMENT SECURE
Weak credentials are the leading cause of breaches. Beyond Identity can help.
See MFA exploits in action
Watch how adversaries exploit companies in quick videos