Corporate finance firm Deloitte disclosed a data breach that compromised its internal emailing system, but apparently the breach only affected a “very few” clients.
Those “very few” clients may be not-so impressed with, what appears to be, the company’s attempts to shrug the data breach off as less-than serious just because a small minority of clients were affected.
The company ironically recently rolled out its Cyber Risk Services and even received applause for its growth in cyber intelligence. This kind of breach for a firm of this nature – much like the Equifax breach – is incredibly worrying.
The major finance company is continuing to provide ‘expert advice’ on cybersecurity as part of its services, all the while being reportedly investigated by authorities over the breach. The company has notified government authorities in the U.K. about the breach, and have instructed a team of cybersecurity specialists – sourced both internally and externally – to analyse the damage.
A Deloitte spokesperson said, “no consumers were affected by this incident”; but Eirk Gordon, an assistant university professor, believes that,”“whether or not consumers were hurt, if an intruder can hack Deloitte and get client information, that could give the client’s competitors an advantage.”
Those clients entrusted the company with their sensitive information in provision for Deloitte’s ‘industry leading’ business services. Compromising this information could result in huge financial losses for their clients, theoretically.
Cybersecurity expert Professor Alan Woodward of Surrey University also noted that the breach compromised some confidential email addresses belonging to clients. Woodward warns that most people expect their email addresses to be in the public domain, meaning some people will therefore create a specific confidential one for highly sensitive information. Cybercriminals who may now have these secondary email addresses could create much more sophisticated phishing attacks.
Deloitte’s approach has been adopted by many firms who identify the seriousness of a data breach by the number of affected victims. Too many companies try to take a different angle on a cyber-attack; perhaps in an attempt to side-step responsibility in remedying the breach.
Although it can be recognised that, the more people affected by a data breach the more harm there may be, we also recognise the individual’s distress and losses when suffering a data breach that was not their fault. No matter how many people are affected by a data breach, the organisation responsible for keeping their private information safe has a duty to identify and remedy the harm caused for every single client.
Deloitte say that the number of emails were only a ‘small fraction’ of those stored in their cloud database. The firm has not revealed what these emails contain and the potential damage that could arise from the breach.