Deloitte said it immediately contacted government authorities and the affected clients after discovering the hack, which stemmed from a breach in an email platform, the firm said in a statement.
“Only very few clients were impacted,” the company said. “No disruption has occurred to client business, to Deloitte’s ability to continue to serve, or to consumers.”
“Deloitte remains deeply committed to ensuring that its cyber-security defenses are best in class, to investing heavily in protecting confidential information and to continually reviewing and enhancing cyber security,” the company said.
The Guardian reported Monday that six Deloitte clients had information breached by a sophisticated attack and hackers potentially had access to usernames, passwords, IP addresses, architectural diagrams for business.
Deloitte discovered the attack in March, but the hackers may have had access to the information since October or November 2016, the newspaper reported.
The Guardian described the breach as a “deep embarrassment” for the company in part because it advises clients on cybersecurity.
The Deloitte hack comes on the heels of numerous attacks on major institutions and companies in recent years. Credit ratings service Equifax is under fire after disclosing this month a breach of its systems that exposed data from about 143 million US customers.
Last week, the US Securities and Exchange Commission disclosed that a software vulnerability allowed hackers to gain “nonpublic” information that could have enabled them to make profits with inside information.