Deloitte's bad week.
On Monday Big Four accounting firm and consultancy Deloitte was reported to have sustained a breach that exposed some—Deloitte said six—customers' sensitive information.
Like its Big Four peers, Deloitte is a leading provider of cybersecurity consulting services. The firm was compromised through an admin account in October or November 2016; it discovered the breach in March 2017. Affected clients were told they may have been "impacted."
Deloitte's Microsoft Azure account was apparently compromised. Azure is Microsoft's cloud service, similar to Amazon Web Services or Google Cloud. The admin account through which the hackers gained their entrée seems to have been secured by a simple password, and not with any form of multifactor authentication. Information exposed includes emails, possibly usernames and passwords, IP addresses, and business and health information. Some of the content at risk may include sensitive security and design information.
Observers believed something was up when Deloitte retained Washington law firm Hogan Lovells at the end of April in connection with an unspecified cybersecurity matter (Guardian).