Accountancy and consulting firm Deloitte has become the latest big-name organisation to be cracked by hackers in an attack that has exposed its entire email system - and the attack could be down to lax practices by the company, leaving an Active Directory server with RDP ports open and exposed on the internet.
The first reports came via The Guardian, just a week after credit-reference agency Equifax suffered a massive data breach that exposed the personal information of 143 million US citizens.
The reports suggest that hackers were able to break into Deloitte's systems using an unsecured administrator's account, giving them full access to the company's five million cloud-hosted emails.
Hackers are said to have accessed confidential emails and plans of Deloitte's blue-chip clients, along with usernames, passwords, IP addresses, architectural diagrams for businesses and health information.
Deloitte first learned of the breach in March, according to the Guardian, but its systems could have been vulnerable since October 2016.
The company confirmed to the Guardian that it had been the victim of "a cyber incident", but claimed that only a small number of clients have so far been told their accounts were affected by the hack.
According to the report, six of Deloitte's clients - which include some of the world's biggest banks, multinational companies, media enterprises, pharmaceutical firms and government agencies - have been notified.
"In response to a cyber incident, Deloitte implemented its comprehensive security protocol and began an intensive and thorough review including mobilising a team of cybersecurity and confidentiality experts inside and outside of Deloitte," a Deloitte spokesperson said.
"As part of the review, Deloitte has been in contact with the very few clients impacted and notified governmental authorities and regulators.
"The review has enabled us to understand what information was at risk and what the hacker actually did, and demonstrated that no disruption has occurred to client businesses, to Deloitte's ability to continue to serve clients, or to consumers.
"We remain deeply committed to ensuring that our cybersecurity defences are best in class, to investing heavily in protecting confidential information and to continually reviewing and enhancing cybersecurity. We will continue to evaluate this matter and take additional steps as required."
It is not yet known who is responsible for the attack, with The Guardian noting that the firm has yet to establish whether a lone wolf, business rivals or state-sponsored hackers were to blame.