If you are not familiar with Deloitte, it is a $37 billion multi-national firm that provides accounting and consulting services to a range of clients from private industry to government. It’s clients are household names, among others. In a statement from the company, the hack is reported to impact “a very few clients.”
That said, this is notable, especially on the heels of the Equifax hack. Deloitte and firms like it, hold sensitive information about their clients businesses and strategy. Hacking a company like this, potentially uncovers a treasure trove of information related to untold number of businesses and individuals.
What is also notable about this hack is that it is reported to have happened in the United States and targeted the firms global email system. Some reports suggest that the hack was achieved by using an administrative account to gain privileged and presumably unrestricted access to the email system. This critical account is reported to have only required a password, not any form of two factor authentication to protect such an important account.
If true, simply having implemented two factor authentication could have prevented this breach. This is one of the reasons I am such a vocal proponent for two factor authentication. I use it on every account that supports it. Do you?