Posted By: ITWiser Webmaster - Yorkshire's IT Specialists
Posted By: ITWiser Webmaster
Deloitte Breach continues!
It was reported last Monday that world known accountancy firm Deloitte was involved in a data breach last year. This was achieved by using an unsecure administrative user account which lead to emails and other pieces of information been leaked.
The top 5 in world accountancy firm Deloitte dismissed this hacking as a small incident, but after further investigation it was no surprise the firm was attacked by hackers. On Tuesday some more data was found lurking in a public facing repository and this time it was a collection of VPN usernames and passwords, it is believed that they belong to Deloitte. These confidential bits of information were then removed late yesterday night. In addition to that discovery, it has been reported than a Deloitte employee had uploaded the proxy login credentials to his public Google + page. The credentials had been up there for over 6 months but once again these were removed late last night.
There were also some other major security risks discovered on Tuesday, Deloitte has lots of internal systems some of these critical systems were public facing and also had remote desktop enabled. There was no reason for it to be setup in this way, these critical solutions should have been behind a secure firewall and setup with 2 factor authentication for further security. To top everything off Deloitte recommend their clients to use security measures such as firewalls but don’t implement them in their own setup.
This breach is clearly not a small incident it’s a rather major issue, any situation where a client’s personal data has been leaked and exposed is not a minor incident. Security procedures should have been in place to reduce the risk of this issue occurring, Deloitte may need to take some of their own advice and implement proper security measures.
ITWiser offer a wide range of services and solutions that can help prevent issues like this from affecting you and your business. We offer internal security audits and external security audits, these audits are designed to highlight issues inside and outside your business. For more information on these or on any of our other services please get in touch today.