Hackers Target "Big Four" Firm; SEC Bolsters Defenses Against Cyber-Criminals

Josh O'Neill

26 September 2017

Deloitte has revealed it suffered a cyber attack which allowed a hacker access to data affecting “very few” of its clients, just weeks after credit monitoring agency Equifax said it lost troves of data to cyber criminals.

Deloitte said in a statement it had contacted all of the affected clients and that “no disruption has occurred to client business, to Deloitte's ability to continue to serve clients, or to consumers” as a result of the hack. Government authorities were notified immediately after Deloitte became aware of the breach, it said.

The firm explained that the hacker accessed data through an email platform. It subsequently conducted “an intensive and thorough review” of the incident using cyber-security and confidentiality specialists from Deloitte and outside the group, it said.

News of the Deloitte hack follows two other major data breaches reported in recent times. Earlier this month, Equifax said that hackers had obtained access to swathes of personal data tied to some 143 million US citizens. Last week, the US Securities and Exchange Commission unveiled that a hack on its corporate filing system, EDGAR, in 2016 might have led to illicit gains. The issue of cyber-security is an increasingly urgent one for North America's wealth management sector. This publication recently held a conference in New York to discuss such issues, from which a report is forthcoming.

Now, the SEC, Wall Street's main watchdog, has announced two new initiatives that will “build on its enforcement division's ongoing efforts” to fight cyber threats.

The regulator will establish a “cyber unit” that will focus on “targeting cyber-related misconduct”, and will also create a “retail strategy task force” to develop “proactive, targeted initiatives to identify misconduct impacting retail investors,” it said yesterday in a statement.

“Cyber-related threats and misconduct are among the greatest risks facing investors and the securities industry,” said Stephanie Avakian, co-director of the SEC’s enforcement division. “The cyber unit will enhance our ability to detect and investigate cyber threats through increasing expertise in an area of critical national importance.”