By Paul Sandle and Jim Finkle
LONDON/TORONTO (Reuters) - Global accounting firm Deloitte [DLTE.UL] said on Monday it was the victim of a cyber attack that affected the data of a small number of clients, providing few details on the breach.
Deloitte said in a statement that attackers accessed data from the company's email platform, confirming some details in a report by the Guardian newspaper, which broke news of the hack on Monday.
The attack appeared to target the firm's U.S. operations, was discovered in March and could have begun as early as October 2016, according to the Guardian. Deloitte's statement did not confirm those details.
- PHOTOS: New art and old relics at Mickey Mouse's NYC gallery 25 Pictures
- PHOTOS: See Yes on 3 supporters react to historic transgender rights Question 3 win 11 Pictures
- PHOTOS: A look back at Queen performing in the 1970s and 1980s 22 Pictures
- All of these celebrities have had their nudes leaked 35 Pictures
- PHOTOS: A look at Idris Elba's style through the years 20 Pictures
- PHOTOS: Heidi Klum's annual Halloween party and other amazing celebrity costumes 17 Pictures
- These are the spookiest cities per capita in the U.S. 5 Pictures
- Food Network star talks pumpkin carving 1 Pictures
- Who is Alexander Edwards, Amber Rose's new boyfriend? 9 Pictures
- Is Cardi B pregnant again? This tweet has people guessing 6 Pictures
- Natural Museum's best wildlife photos of the year 5 Pictures
The breach at Deloitte, which says its customers include 80 percent of the Fortune 500, is the latest in a series of breaches involving organizations that handle sensitive financial data that have rattled lawmakers, regulators and consumers.
The U.S. Securities and Exchange Commission, Wall Street's top regulator, and Equifax Inc <EFX.N>, one of the largest credit-monitoring bureaus, this month reported that confidential filings and sensitive personal data were compromised by hackers.
"These are targeted attacks on financial opportunity," said Shane Shook, an independent consultant who helps financial firms investigate cyber attacks. "This trend is going to continue to grow."
The firm said it contacted government authorities immediately after it became aware of the incident, and notified each of the "very few clients" that had been affected.
Deloitte is a "Big Four" firm that provides accounting, auditing and consulting services, including advice on mergers and acquisitions. It also runs a cyber security business that helps customers defend their networks and investigate breaches.
The Guardian said Deloitte had contacted six clients. The company did not name the clients, confirm the number of clients it had contacted or say what type of data was stolen.
"No disruption has occurred to client businesses, to Deloitte's ability to continue to serve clients, or to consumers," the statement said.
Deloitte said it had implemented a "comprehensive security protocol," after the incident was discovered, using internal and external experts to help respond.
Mark Rasch, a former federal cyber crimes prosecutor, said it is too soon to say how serious the attack was because so little is known about what happened.
Still, he said the attack was "a big deal" because Deloitte holds sensitive information about its customers across business units that provide accounting services, review data on potential acquisitions and perform cyber security services.
A U.S. Federal Bureau of Investigation spokeswoman declined to comment, citing agency policy to neither confirm nor deny investigations.
(Reporting by Paul Sandle and Jim Finkle; editing by Jane Merriman and Meredith Mazzilli)