• by Ray Schultz , October 13, 2017

The Deloitte data breach, one of several hacks to hit the news in recent weeks, is being probed by the New York Attorney General.

“We’re investigating the data breach and its circumstances,” says Amy Spitalnick, a spokesperson for New York AG Eric Schneiderman.

The probe was first reported by The Wall Street Journal, which said the AG has reached out to Deloitte with questions about the “private information of New York State residents.” 

Deloitte, one of the Big Four accounting firms, contends that the breach has affected only a small number of clients, and that there was no impact on consumers.

According to reports, the ongoing cyber attack has compromised Deloitte’s email platform. Unnoticed for six months, the hack exposed data on six of the firm’s clients, they add. 

The attack reportedly was discovered in March, but may go back to October 2016. The hacker allegedly got into the firm’s global email server through an “administrative account,” requiring only a single password instead of two-step verification.  

Deloitte serves a variety of clients, from banks to governments.

Whatever the circumstances, the Deloitte breach did not make the top five data hacks reported by CIO, based on the number of people affected:

• Yahoo — 3 billion
• FriendFinder Networks — 412 million 
• Myspace — 360 million
• Adobe — 152 million
• Equifax — 145.5 million