Reports say that Israel alerted the US to the dangers Kaspersky security products posed to its users. Israeli intelligence officers monitoring Russian activity saw them using Kaspersky software as what the New York Times calls "an improvised search engine." They notified their American colleagues, and, the Times reports, this is the background to the US Government's decision to ban Kaspersky products from its networks.
Israeli intelligence services penetrated Kaspersky in 2014, sources say. Kaspersky discovered (and disclosed, without attribution) Israeli presence on its networks in 2015. Antivirus software is an attractive target because of the system access it receives.
It remains unclear whether Kaspersky was complicit in the exploitation, whether Russian services hacked Kaspersky, or whether those services infiltrated their agents into the company's workforce. Many observers think it unlikely that any Russian company would be able to refuse a request from their country's security services.
Another major consultancy has suffered data exposure. UpGuard reports that on September 17 their researchers found sensitive data belonging to Accenture exposed in four unsecured Amazon Web Services S3 buckets. It's unclear whether the data, now secured, were obtained by bad actors (Accenture says the only unauthorized scan they've detected came from UpGuard). Accenture also says the material exposed, including keys and credentials, was related to a decommissioned system.
Deloitte's breach may have grown worse. The Guardian reports that three-hundred-fifty clients (including US Government agencies and multinational corporations) suffered exposure. Deloitte, which had put the number of affected clients at six, disputes the report.