A Guardian report in September said a Deloitte global email server was hacked, giving hackers access to emails to and from the company's staff as well as customer information on some of the company's top federal and private sector clients.
The report said the hackers could have accessed information such as usernames, passwords, IP addresses and architectural design diagrams. Deloitte discovered the attack in March, according to the report, with hackers having been in the company's systems dating back to October or November 2016.
Deloitte was not using two-factor authentication on the email server, which was hosted on the Azure cloud service, according to the report. The report said the server was compromised through an admin account.
Deloitte confirmed the hack, but said only a few clients were impacted by the attack. The company said it had engaged in a comprehensive security protocol investigation, and notified clients at risk.