Deloitte says "no systems have been impacted", as Brain Cipher hacker group claims access to company's 1TB data
Dec 6, 2024
Ransomware group Brain Cipher claimed to have breached Deloitte UK, stealing over 1TB of sensitive data. Deloitte has denied the allegations, stating only a single client's isolated system was impacted and none of the company's systems were compromised.
Ransomware group Brain Cipher earlier claimed responsibility for a cyberattack on Deloitte UK. The hacker group also claimed stealing over 1 terabyte (1TB) of sensitive data. According to a report Cyber Security News, the group also submitted evidence of security protocol violation. It has also invited Deloitte representatives to engage in private discussions via corporate email, hinting at a possible ransom negotiation. However, Deloitte has denied that the allegations about the data breach affecting multiple clients of the company. A Deloitte spokesperson has also clarified that their investigation points to a single client's system being impacted. Moreover, this affected system is not connected to the company's main network, suggesting a more contained incident.
“No Deloitte systems have been impacted,” the company's spokesperson said to Infosecurity magazine.
Details of the alleged Deloitte breach
According to statements posted by Brain Cipher, the group exploited vulnerabilities in Deloitte UK's cybersecurity systems. They claim to have accessed and stolen compressed data exceeding 1 terabyte, which they allege includes:
Evidence of security protocol violations
Contractual agreements between Deloitte and its clients
Details of Deloitte's monitoring systems and security tools
Examples of compromised client data
The report also shares a screenshot of the alleged hacked website where Brain Cipher stated, “Soon we will tell you about this incident. We will provide an example of data that has leaked. The volume of compressed data is more than 1TB.”
Who is Brain Cipher
Brain Cipher gained notoriety in June this year for high-profile cyberattacks, including a disruptive breach of Indonesia’s National Data Center, affecting services for over 200 government agencies, including immigration and passport control.
Deloitte’s Response
As of now, Deloitte UK has not publicly confirmed or denied the breach. Cybersecurity experts are closely monitoring the situation for further updates.
[The Times of India]
