Powered by MOMENTUM MEDIA
cyber daily logo
Breaking news and updates daily. Subscribe to our Newsletter

Deloitte internal communications allegedly leaked, firm says client data currently safe

Major consulting firm Deloitte says there is no sign that client data is at risk after an infamous threat actor claimed to have exfiltrated internal company communications.

user icon Daniel Croft
Thu, 03 Oct 2024
Deloitte internal communications allegedly leaked, firm says client data currently safe
expand image

The company was listed on a popular dark and clear web hacking forum in late September by IntelBroker, the leader of the CyberN-----s ransomware gang, claiming to have email addresses, internal communications between users of the company intranet and other internal settings.

The breach reportedly occurred as a result of Deloitte accidentally exposing an Apache Solr server to the internet.

“They were using the default login credentials for this server, which was then breached,” said IntelBroker.

============
============

Within the listing, IntelBroker shared “proof” of the cyber attack, including screenshots of the server access and a sample, which seems to suggest that the allegedly stolen data belonged to the Italian division of the company.

Speaking with Cyber Daily, Deloitte did not verify whether an attack had occurred, but it said that client and customer data was not yet threatened.

“Our investigation has found no threat to client data or other sensitive data related to this incident,” it said.

The latest incident follows last year’s MOVEit cyber attack in which threat actors claim Deloitte data was exposed.

Last year, the Clop ransomware gang claimed to have breached Progress Software’s MOVEit file transfer software and accessed files belonging to users of the software.

Among the companies using the software were BBC, British Airways, Medibank, Shell, Estée Lauder, the University of Sydney, Transport for London, and the big four consulting firms, KPMG, PwC, EY and Deloitte.

Despite Clop’s claims, however, Deloitte said that the threat group was unsuccessful in exfiltrating any data.

While Deloitte does use Progress Software’s MOVEit software, it said that as soon as the vulnerability was disclosed, the appropriate patches and updates were immediately applied.

“Immediately upon becoming aware of this zero-day vulnerability, Deloitte applied the vendor’s security updates and performed mitigating actions in accordance with the vendor’s guidance,” a company spokesperson said in a widely reported media statement.

“Our analysis determined that our global network use of the vulnerable MOVEit Transfer software is limited. Having conducted our analysis, we have seen no evidence of impact to client data.”

Additionally, while Clop posted data belonging to the other three big four consulting firms, it failed to post any data belonging to Deloitte.

Daniel Croft

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.

newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.