Deloitte said Monday that "very few" of the accounting and consultancy firm's clients were affected by a hack after a news report said systems of blue-chip clients had been breached.
The internal review, "Windham", has involved specialists analyzing documents for six months trying to map out exactly where hackers went by analyzing the electronic footprint of searches that were made. "We remain deeply committed to ensuring that our cybersecurity defences are best in class, to investing heavily in protecting confidential information and to continually reviewing and enhancing cybersecurity." the company statement added.
This is especially embarrassing for a firm that prides itself on helping other companies thwart online cybersecurity attacks.
If employees' stored emails were encrypted, which arguably most sensitive content should be, Pepper said it would then be impossible to decrypt each one, even with administrator access.
Tony Pepper, co-founder and CEO of data security and encryption Egress, said Deloitte was a "ripe target" because of the company's position at the top of the corporate food chain. The team is said to be working out of the Rosslyn, Virginia office.
"We will continue to evaluate this matter and take additional steps as required".
Deloitte insists that only a small fraction of its clients have been "impacted" by the breach.
Our review enabled us to determine what the hacker did and what information was at risk as a result.
There have been several high-profile cyber attacks this year.
It's understood the breach was focusses on the USA, and Deloitte's internal investigators were still not certain of who the attacker was, or whether it was a business, a state-sponsored hacker, or an individual.
About 400,000 people in the United Kingdom may have had their information stolen following the cybersecurity breach.
This spurred the FBI and the U.S. Federal Trade Commission to launch investigations.
The breached data may have included names, addresses, social insurance numbers and - in some cases - credit card numbers.
The Equifax breach was discovered in July, but those potentially affected were notified only in mid-September 2017.