Deloitte confirms hack exposed email system

Tax and auditing giant Deloitte has confirmed it was targeted by a cyberattack, resulting in the theft of confidential documents and emails.

The New York-headquartered company confirmed the breach in an email to sister-site CNET after news of the breach was first reported by The Guardian.

In an email, the company said that there had been no disruptions to client businesses or its own operations.

Deloitte stands as one of the largest private companies in the US, which reported $38.8 billion in revenue last fiscal year. It offers tax, auditing, consulting, and cybersecurity advisory services to major governments and large Fortune 500 multinationals.

But it was the company's own cybersecurity effort that was undermined, according to The Guardian's report.

The report said that the unknown attacker gained access to the email server's administrator account, giving the attacker unfettered access to the company's Microsoft-hosted email mailboxes.

The account did not have two-factor authentication, which would have alerted the account owner to unauthorized use of the account, and may have prevented the attacker's access.

Lack of two-step verification led to a similar, albeit smaller breach of the UK parliament's email systems earlier this year.