World’s Largest Accounting Firm, Deloitte Touche Tohmatsu Email System (Microsoft Exchange) Hacked by Unknown Hacker

World’s Largest Accounting Firm, Deloitte Touche Tohmatsu Email System (Microsoft Exchange) Hacked by Unknown Hacker

Unknown Hackers have managed to hack Deloitte Touche Tohmatsu's Microsoft Exchange Email Servers exposing millions of confidential emails.

The world’s Largest accounting firm, Deloitte Touche Tohmatsu has had their data compromised by a simple yet detrimental windows server credential breach that managed to allow an unknown hacker to infiltrate their Microsoft Exchange Email Platform exposing millions of emails and business plans of some of its Fortune 500 and Government Clients.

Who is Deloitte Touche Tohmatsu Limited

Deloitte Touche Tohmatsu Limited commonly referred to as Deloitte, is a UK-incorporated multinational professional services firm with operational headquarters in New York City in the United States.

They filed a record breaking financial report of $37bn (£27.3bn) in revenue last year alone. Deloitte provides auditing, tax consultancy and high-end cyber security advice to some of the world’s biggest multinational companies, finance houses, media conglomerates, pharmaceutical firms and state agencies.

How the Hack Was Done

The unknown hackers managed to breached the firm’s global email servers (Microsoft Exchange On Azur) using a windows Azur domain admin  account that allowed them unrestricted across all the Organization’s Email and Data Silos.

As the writing of this report, a few of Deloitte’s clients have been told their information were accessed by the hack. It is understood that Deloitte’s award winning cyber security unit and Microsoft is investigating the issue and an internal review into the incident is ongoing.

After reviewing suspicious audit trails, internal cyber security security personnel launched an internal inquiry dubbed Operation “WindHam” after noticing several discrepancies in and around March of this year, with logs showing unauthorized access to the Microsoft Exchange servers since October  2016.

The account required only a single password and did not have “two-step“ verification, sources said.

The breach is believed to have been US-focused and was regarded as so sensitive that only a handful of Deloitte’s most senior partners and lawyers were informed.


It is understood that the firm partnered with  US law firm Hogan Lovells on “special assignment” to review what it called “a possible cyber security incident”.

The Washington-based firm has been retained to provide “legal advice and assistance to Deloitte LLP, the Deloitte Central Entities and other Deloitte Entities” about the potential fallout from the hack.


In 2012, Deloitte, which has offices all over the world, was ranked the best cybersecurity consultant in the world.

Earlier this month, Equifax, the US credit monitoring agency, was also hacked tho using a different method. had been accessed or stolen in a massive hack in May. It has also revealed it was also the victim of an earlier breach in March.

About 400,000 people in the UK may have had their information stolen following the cyber security breach. The US company said an investigation had revealed that a file containing UK consumer information “may potentially have been accessed”.

The data includes names, dates of birth, email addresses and telephone numbers, but does not contain postal addresses, passwords or financial information. Equifax, which is based in Atlanta, discovered the hack in July but only informed consumers last week.