Accountancy firm Deloitte says it will not be releasing any more details about the data breach that it suffered in March this year.
In response to a query from iTWire, asking whether anyone was willing to answer some queries, Deloitte Australia corporate communications chief Ben Findlay said: "Deloitte provided a detailed response to this back in October, which you can find on our website.
"I'm afraid we are unable to provide any more details than that fairly comprehensive statement."
The statement that the spokesman referred to said Deloitte's "intensive and thorough review" into the incident was complete.
{loadposition sam08}It said that it had hired an outside company and immediately executed steps to stop and contain the attack; ascertained the size and scope of the attack; determined what the attacker targeted; reviewed materials targeted by the hacker;
contacted impacted clients; alerted authorities; took additional targeted steps to further enhance our overall security architecture; determined that the attacker is no longer in Deloitte’s system; and ascertained that no disruption occurred to client businesses, to Deloitte's ability to serve clients, or to consumers.
There were no specifics in the statement. Media reports had said that the server which was compromised hosted email from about 350 clients, in sharp contrast to Deloitte's claim that "very few clients" were affected.
Hey look, a deloitte server with 445 exposed to the internethttps://t.co/BMFJqG0s3m
— Dan Tentler (@Viss) 25 September 2017
production tax dns server
what could possibly go wrong? pic.twitter.com/IeHSf7L1Vz
Additionally, mail from some of the world's biggest multinationals was said to be involved in the breach.
The Guardian, which broke the story on 25 September, reported in October that material from US state, energy, homeland security and defence departments; the US Postal Service; the National Institutes of Health; and housing agencies Fannie Mae and Freddie Mac was affected.
"Football’s world governing body, Fifa, had emails in the server that was breached, along with four global banks, three airlines, two multinational car manufacturers, energy giants and big pharmaceutical companies," The Guardian report claimed.
The Deloitte October statement did not touch on any of these claims.
Security professionals had said that in some Deloitte offices, ports 445 and 139, common points of attack in Microsoft systems, were exposed to the Internet, suggesting that Deloitte did not know a great deal about security.
When this was pointed out to an Israel-based security expert, Itay Glick the chief executive of Votiro, he told iTWire "They might know a great deal about security, but they've done very little to make sure they and their vast amount of data are safe, and so it backfired."
Deloitte did not deal with these assertions in its statement either. Its review "and our continued and significant investments in our cyber security capabilities, reflect our commitment to protecting the information of Deloitte clients and stakeholders", as per the company's October statement.