http://www.reuters.com/article/us-deloitte-cyber/deloitte-hacked-says-very-few-clients-affected-idUSKCN1C01PB
Deloitte hacked, says ‘very few’ clients affected
Deloitte was hacked as early as last year, according to sources quoted by Reuters. The consulting company – a “big 4” – serves 80% of the Fortune 500, including consulting services for cyber security. The attack was targeted at email servers at Deloitte. It is unknown right now what kind of information they got, but based on my experience working in consulting, it is likely that these emails include high level communications between Deloitte and its clients. Very embarrassing to say the least, and has some big ramifications beyond Deloitte’s bottom line. Sensitive financial data could have been compromised, as well as strategy discussion that could be used in any number of ways – and possibly information regarding enterprise security. Deloitte hired lawyers in the spring of this year and had been very tight lipped about the breach.
If Equifax was hacked earlier this year and Deloitte was last year, why are we just hearing about this now? Just curious – are their standards of revealing when the period of a hack more strict or less strict and why? Food for thought
Good question! Probably all managed by lawyers and PR specialists, who abide by whatever regulation is in place.
Neil,
The answer to this question is very important. In my opinion, these companies don’t want to announce these incidents at the time they get attacked, I think they like to know the consequences first and how much damage these attacks can result.
They are big organizations that deal with sensitive information all the time, they know the reaction of their clients who keep them having business won’t be good for their businesses. The impact of this announcement in the beginning of the year will be very bad since they companies like Deloitte start new projects in that time of the year. The impact will be very low if they announce these attacks in the end of the year.