Even “security consulting” firms get hacked
I have to confess – I love irony.
… Sounds nice, but the reality is more like this …
Sounds like their Office 365 admin account got hacked … because they used neither the built-in 2FA on Azure nor a privileged access management system. Like our friends at Equifax, Deloitte delayed public disclosure as long as possible and is actively downplaying the scope of the (very serious, it seems) compromise.
Would you take security advice from a firm that got hacked in this way and failed to disclose to their customers?