show image

Deloitte hack: Any impact on UK businesses would be “minimal”, say government officials

Government cybersecurity officials have not seen any evidence to suggest that British businesses have been significantly affected by the Deloitte cyber attack, NS Tech can disclose.

The professional services firm, which provides cyber security consultancy, confirmed this morning that an attacker had accessed some clients’ confidential data after hacking into an email server.

But a spokesperson for the National Cyber Security Centre said any impact on British data had been “minimal”. The ICO reiterated that message, adding that investigations were ongoing.

Deloitte said that the “very few clients” that were hit had been contacted. It did not comment on whether any were British, but said that “no disruption has occurred to client businesses”.

Deloitte has not commented on the content of the information that was accessed by hackers. But the breach has raised fears that hackers could use stolen email addresses to launch phishing attacks on businesses.

“Many people expect their email address to be in the public domain,” Alan Woodward, a cyber-security expert at Surrey University, told the BBC.

“But what most people have done when dealing with confidential matters is they have a second address – and it looks like it is that one that may have been let out here.

“Is it immediately going to be mean people’s data will be breached? Not really – but the secondary, more confidential email addresses mean phishing can become much more sophisticated.”

The Guardian, which first reported the hack, said the breach was discovered in March, but happened in October or November 2016. Deloitte said the relevant government authorities were contacted immediately.