Deloitte’s statement confirmed a report on Monday by the Guardian newspaper, which broke the news of the attack.
According to the report, the attack appeared to target the global company’s operations in the United States. The breach was reportedly discovered in March, but could have begun as early as October 2016.
The report went on to say that Deloitte had contacted six clients, but the firm declined to name the clients affected, nor who it had contacted or the nature of the data stolen.
It did confirm the Guardian’s report which stated that the hackers stole data accessed from the email platform.
Deloitte is known as a ‘Big Four’ company, providing a range of services which includes accounting, auditing and consulting services, in addition to a cyber security business designed to help clients defend their networks from attack and investigate breaches.
It confirmed implementing “comprehensive security protocol” after the breach was discovered and used both internal and external experts to assist in responding to the attack.
The company also confirmed contacting government authorities as soon as the breach was discovered.
The breach at Deloitte’s is the latest in a number of attacks targeted at organizations handling sensitive financial data and has rattled lawmakers, regulators and consumers alike.
“No disruption has occurred to client businesses, to Deloitte’s ability to continue to serve clients, or to consumers,” Deloitte’s statement said in an effort to allay client fears.