iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
Major consulting firm Deloitte says there is no sign that client data is at risk after an infamous threat actor claimed to have exfiltrated internal company communications
The company was listed on a popular dark and clear web hacking forum in late September by IntelBroker, the leader of the CyberN*****s ransomware gang, claiming to have email addresses, internal communications between users of the company intranet and other internal settings.
The breach reportedly occurred as a result of Deloitte accidentally exposing an Apache Solr server to the internet.
“They were using the default login credentials for this server, which was then breached,” said IntelBroker.
Within the listing, IntelBroker shared “proof” of the cyber attack, including screenshots of the server access and a sample which seems to suggest that the allegedly stolen data belonged to the Italian division of the company.
Speaking with Cyber Daily, Deloitte did not verify whether an attack had occurred, but said that client and customer data was not yet threatened.
“Our investigation has found no threat to client data or other sensitive data related to this incident.”
The latest incident follows last year’s MOVEit cyber attack in which threat actors claim Deloitte data was exposed.
Last year, the Cl0p ransomware gang claimed to have breached Progress Software’s MOVEit file transfer software, and accessed files belonging to users of the software.
Among the companies using the software were BBC, British Airways, Medibank, Shell, Estée Lauder, The University of Sydney, Transport for London and the big four consulting firms, KPMG, PwC, EY and Deloitte.
Despite Cl0p’s claims however, Deloitte said that the threat group was unsuccessful in exfiltrating any data.
While Deloitte does use Progress Software’s MOVEit software, it said that as soon as the vulnerability was disclosed, the appropriate patches and updates were immediately applied.
“Immediately upon becoming aware of this zero-day vulnerability, Deloitte applied the vendor’s security updates and performed mitigating actions in accordance with the vendor’s guidance,” a company spokesperson said in a widely reported media statement.
“Our analysis determined that our global network use of the vulnerable MOVEit Transfer software is limited. Having conducted our analysis, we have seen no evidence of impact to client data.”
Additionally, whilst Cl0p posted data belonging to the other three big four consulting firms, it failed to post any data belonging to Deloitte.
Be the first to hear the latest developments in the cyber industry.
