Global accountancy firm Deloitte said on Monday it had been hit in a cyber attack that had compromised the data of a small number of its clients but gave few details about how its systems had been breached.
Attackers had accessed data from the company’s email platform, the company said in a statement, confirming a report by the Guardian newspaper.
Deloitte, one of the “big four” accountants, said it had mobilised a team of cyber-security experts to review its systems and to discover what information had been put at risk.
It said the review had found “only a very few clients” had been affected.
“No disruption has occurred to client businesses, to Deloitte’s ability to continue to serve clients, or to consumers,” a spokeswoman said in a statement.
The firm, which provides auditing, tax advice and consultancy to multinationals and governments, did not say when the attack occurred or how its defences had been breached.
The Guardian said the firm discovered the hack in March, but the cyber attackers could have had hacked into its systems as long ago as October or November 2016.
The attack was believed to have been focused on the U.S operations of the company, the Guardian report said.
Deloitte’s statement did not say when the attack took place or who was targeted.
Deloitte, which also provides cyber-security and consulting services, including helping businesses analyse potential acquisition targets, also did not say which units were affected.
It said it had implemented its comprehensive security protocol and began an intensive and thorough review including mobilising a team of cyber-security and confidentiality experts inside and outside of Deloitte.
The firm said it contacted government authorities immediately after it became aware of the incident, and it had contacted each client that had been affected.
An FBI representative declined to comment, saying it was bureau policy not to confirm or deny the existence of any investigations.