One of the world’s “big four” accountancy firms has been targeted by a sophisticated hack that compromised the confidential emails and plans of some of its blue-chip clients, the Guardian can reveal.
Deloitte, which is registered in London and has its global headquarters in New York, was the victim of a cybersecurity attack that went unnoticed for months.
One of the largest private firms in the US, which reported a record $37bn (£27.3bn) revenue last year, Deloitte provides auditing, tax consultancy and high-end cybersecurity advice to some of the world’s biggest banks, multinational companies, media enterprises, pharmaceutical firms and government agencies.
During the past year, there has been a surge in data breach reporting regarding Amazon S3 servers left accessible online, and which were exposing private information from all sorts of companies and their customers.
In almost all cases, the reason was that companies, through their staff, left Amazon S3 “buckets” configured to allow “public” access. This means that anyone with a link to the S3 server could access, view, or download its content.