Using an administrative account without 2-factor authentication to gain access to their email system is the likely entry point for the September breach involving Deloitte, one of the world’s largest accounting firms. The attack appears to have only affected a limited number of the firm’s clients, though actual figures have remained quiet. In addition to the improperly managed client data, it was also revealed that the company’s entire email database, including administrative accounts, had been accessed by the attackers for an unknown amount of time. While the scale of this attack appears relatively small in comparison to Equifax, it should be known that Deloitte works with some of the largest organizations currently in operation and the sensitive nature of their information could be catastrophic if placed in the wrong hands.
