But now it appears — as is often the case — the attackers may have gained access to far more information than Deloitte would care to admit.
Information shared by a person with direct knowledge of the incident said the company in fact does not yet know precisely when the intrusion occurred, or for how long the hackers were inside of its systems.
Additionally, forensic investigators identified several gigabytes of data that had been transferred to a server in the United Kingdom.
Amazingly, the hackers got into Deloitte’s systems via an administrator account protected only with a single password. That means Deloitte was not using multi-factor authentication, which is pretty much Cybersecurity 101 these days.
Multi-factor authentication vastly increases security by requiring at least one other form of identity verification in addition to a password, such as a text message sent to a mobile phone.
If your firm doesn’t have a secure way to manage passwords with multi-factor authentication, I highly recommend LastPass for Business.
That Word doc on your desktop called “Passwords” isn’t going to cut it anymore.