June 24, 2018

Deloitte Tries To Play It Cool After Cyberattack

Deloitte, the biggest of the Big 4, has joined the ranks of the hacked. This morning, The Guardian reported that the firm was the latest massive organization to have suffered a cyberattack, and that confidential client information was the target. To make matters worse, Deloitte failed to notice the breach for months. And to add a little insult to injury:

The hacker compromised the firm’s global email server through an “administrator’s account” that, in theory, gave them privileged, unrestricted “access to all areas”.

The account required only a single password and did not have “two-step” verification, sources said.

Oh, boy. That’s embarrassing. That’s right up there with Equifax’s bumbling of their own security.

The Guardian report has vague details, the kind that are satisfying but still unfulfilling:

The breach is believed to have been US-focused and was regarded as so sensitive that only a handful of Deloitte’s most senior partners and lawyers were informed.

The Guardian has been told the internal inquiry into how this happened has been codenamed “Windham”. It has involved specialists trying to map out exactly where the hackers went by analysing the electronic trail of the searches that were made.

The team investigating the hack is understood to have been working out of the firm’s offices in Rosslyn, Virginia, where analysts have been reviewing potentially compromised documents for six months.

It has yet to establish whether a lone wolf, business rivals or state-sponsored hackers were responsible.

In my imagination, one of the other Big 4 firms created a slush fund to pay for the operation. Remember that cabal of Deloitte spies that was reported on late last year? What if this is revenge? Don’t dismiss the possibility!

Anyway, the backdrop of all this, of course, is that Deloitte markets itself as an expert in cybersecurity. The most sophisticated companies in the world ask Deloitte for help safeguarding their stuff and now Deloitte has been exposed for its dodgy security. A firm spokesman told The Guardian that it has contacted “the very few clients impacted and notified governmental authorities and regulators.”

If I were a client of Deloitte, I’d be…unconvinced? It always seems like when a scandal hits a huge company, they play it down, only to discover a week or two later that the bad event was worse than they thought. If a professional services firm suffers a breach because someone failed to use two-factor authentication, I think a fair number of people would question everything they had to say about the situation.

[The Guardian]
