Damage Assessment: UN, US Government Agencies Blindsided by Audit Company Hack

The hackers who managed to breach the Deloitte IT security last year were able to gain access to a server containing emails from some of the company’s most prominent clients, including "four US government departments, the United Nations and some of the world’s biggest multinationals," the Guardian reports.

The newspaper points out that while Deloitte apparently attempted to downplay the scale of the security breach, claiming that it had only impacted six of the company’s clients, sources familiar with the matter told the newspaper that "the incident was potentially more widespread" and that Deloitte is not completely sure what data was stolen by the hackers.

The list of entities that had data on the compromised server includes the US departments of state, energy, homeland security and defense; the US Postal Service; the National Institutes of Health; housing giants Fannie Mae and Freddy Mac; and FIFA, along with "four global banks, three airlines, two multinational car manufacturers, energy giants and big pharmaceutical companies."

Deloitte argued that the hackers only targeted a "small fraction" of emails contained on the server and that "none of the companies or government departments had been "impacted", but the Guardian claims its sources contest these assurances.

According to the newspaper, the hackers were able to gain access to Deloitte’s server using an admin account and "had free rein in the network for a long time", so it is difficult to assess the full extent of the damage.

The hackers apparently managed to breach Deloitte’s network in October or November 2016, and the company apparently managed to detect the intrusion only in March this year.