Deloitte Touche Tohmatsu Limited, a huge company related to professional services, has recently been attacked by cyber criminals. As a result, sensitive data has been compromised, such as customer emails.
However, the company claims that not many clients have suffered from this data leak. It turns out that the firm found out about this incident in March but the leaks could have happened sometime before that.
There are no exact data about the size of the leak, for example, the number of people affected or the emails leaked. Deloitte contacted the victims to tell them about the event.
Deloitte is a UK-based multinational company that works with tax, consulting, audit, and various financial services. By the number of employees and revenue, it is considered to be number one in the world.
The importance of email addresses
Many people don’t know how hackers can use their email addresses to cause harm. However, this information can be crucial when it comes to phishing attacks. Professor Alan Woodward, who works at Surrey University and is an expert on cyber-security, said that emails addresses can be used maliciously if cyber criminals get their hands on them.
“Many people expect their email address to be in the public domain, but what most people have done when dealing with confidential matters is they have a second address – and it looks like it is that one that may have been let out here.”
According to Prof Woodward, this fact does not mean that people should immediately fear that their personal information would be breached. However, the fact that it is the more private email addresses that are breached means that people will be more likely to accept the fake letters they receive as real, making phishing schemes more common.
Phishing occurs when a hacker tries to steal personal data by sending emails that look like they have come from official companies. The personal data can include banking credentials, passwords, social security numbers and similar information. The worst thing is that people give their data to hackers willingly just because they believe the letters are legitimate.
If a person receives an email to an address used only for official correspondence, they are much more likely to trust the sender, especially if it poses as a long-term correspondence partner.
How serious is the Deloitte breach?
Even though the officials at Deloitte say that its clients did not suffer any damage because of the breach, it might be a bit different.
Tony Pepper, the chief executive of data security firm Egress, states that the email servers attacked might have contained private data which should not be exposed to cyber criminals. He emphasized the importance of two-factor authentication:
“This is why multi-factor access control such as two-factor authentication is important, especially for administrators. It makes it much harder to gain illicit access in the first place, and provides a warning if someone is trying to login without your knowledge.”
When possible, it is advisable to use this way of authentication to avoid data breaches and theft. You see, this method adds an extra step when it comes to logging into your accounts – for example, you receive a message to your phone with a unique code.
Deloitte stated that the government authorities were informed about this event.