According to a report from the Guardian, which cited anonymous sources, the security breach affected up to 350 clients, some of which were very high profile, including US government departments (state, energy, homeland security and defence) and blue chip companies.
This is contrary to what Deloitte said last month when it claimed that “very few” of its clients had been impacted but that it had launched an internal review.
Deloitte said that it disputes in the strongest terms that it is “downplaying” the breach. “We take any attack on our systems very seriously.
“We are confident that we know what information was targeted and what the hacker actually did. Very few clients were impacted, although we want to stress that even when one client is impacted, that is one client too many.
“We have concluded that the attacker is no longer in Deloitte’s systems and haven’t seen any signs of any subsequent activities.
“Our review determined what the hacker actually did. The attacker accessed data from an email platform. The review of that platform is complete," the spokesperson added.
The Guardian report said that it is still unclear what and how much information was taken but that the hacker had access to emails, usernames, passwords and IP addresses. The attack targeted the firm's US operations, was discovered in March this year and could have begun as early as October 2016.