The Guardian reported Monday that six Deloitte clients had information breached by a sophisticated attack and hackers potentially had access to usernames, passwords, IP addresses, architectural diagrams for business.
One of the biggest accounting firm Deloitte found that it had been hacked in March and hackers got access to its systems.
It's now unclear who was behind the attack, but for the past six months, Deloitte has been investigating the breach of its email server, which exposed some five million emails.
The firm said it contacted "governmental authorities immediately after it became aware of the incident".
The attack was said to have been discovered earlier this year, according to the report, and client information was leaked. Some 5 million emails were said to have been stored in the cloud when it was compromised, but Deloitte told The Guardian that only a fraction were actually at risk.
According to the Guardian, some company clients, including major companies and US government entities, had information in the company's email system at the time of the breach.
The hacker infiltrated the company's email server via an administrator's account that did not have two-step verification.
The firm, which provides auditing, tax advice and consultancy to multinationals and governments, did not say when the attack occurred or how its defenses had been breached.
"Deloitte remains deeply committed to ensuring that its cyber security defences are best in class, investing heavily in protecting confidential information and to continually reviewing and enhancing cyber security".
This breach comes weeks after Equifax, the US credit monitoring agency, said the personal data of 143 million USA customers and 100,000 Canadian costumers had been accessed or stolen in a massive cyberattack in May. According to the Guardian, the breach has been kept under wraps since it was noticed by administrators in March.
Deloitte has already launched an investigation and contacted the people who were affected.
The Equifax breach was discovered in July, but those potentially affected were notified only in mid-September 2017. The team is said to be working out of the Rosslyn, Virginia office.
Deloitte also operates in Canada.