Deloitte, one of the “big four” accounting firms, confirmed to the Guardian an intrusion into its network and breach of its internal email system, exposing emails and information involving an unknown number of its clients. The complete scope and impact of this incident remain unclear; however, Deloitte has stated it already identified and contacted six clients whose information was impacted. According to an anonymous source who spoke to KrebsOnSecurity, the intrusion potentially began in the fall of 2016 and malicious actors may have compromised administrative accounts, gained unauthorized access to the company's entire email system, and exfiltrated "several gigabytes of data" to a server located in the United Kingdom. The NJCCIC recommends Deloitte clients engage with their points of contact with the firm and determine whether or not any of their non-public information was potentially compromised. Deloitte clients should also consider conducting an audit of their own to determine what confidential or sensitive information was attached in emails or stored on Deloitte's systems and assess the risk if that data was compromised.

Data BreachNJCCICDeloitte