PwC hacked by notorious Russian cyber criminals exploiting MOVEit software


Accounting firm PwC has been under siege the past few weeks over a tax scandal and it’s just been dealt another blow as Russian hackers have obtained sensitive data.

Late on Monday, the Australian Financial Review reported that PwC had been caught up in a cyber security breach.

A notorious cyber crime syndicate called Cl0p, which has made headlines in the past for its ransom demands, targeted the big four accounting firm.

The group reportedly obtained client data after hacking third-party software called MOVEit, which PwC used to transfer confidential information.

It’s not just PwC; a number of companies have been impacted due to the weakness the hackers discovered inside MOVEit.

Medibank and rival accounting firm EY have also been hacked, as they are also clients of MOVEit.

Last week, US authorities confirmed a number of American businesses had been breached.

Several US government agencies, as well as British Airways and the BBC, are among those who have been held to ransom by the cyber syndicate.

The worst case appears to be the US state of Louisiana, where every single holder of a current driver’s licence, identification card or car registration has had their information stolen.

The widespread hack reportedly occurred two weeks ago, and last week Cl0p warned victims they had seven days to adhere to their ransom demands, or they would expose which companies had been hit and leak the stolen data on the dark web.

PwC said the hack had impacted a small number of clients and that they have since stopped using MOVEit to disseminate information.

“We are aware that MOVEit, a third-party transfer platform, has experienced a cybersecurity incident which has impacted hundreds of organisations including PwC,” a PwC Australia spokesperson said.

“PwC uses the software with a limited number of client engagements.

“As soon as we learned of this incident we stopped using the platform and started our own investigation.”

They also added they had reached out to affected clients to notify them of the breach.

Health insurer Medibank and rival accounting firm EY also used the MOVEit software for sensitive client data.

As yet, EY is unsure if data has been breached.

An EY spokesperson told Sky News the business learned that MOVEit had “a critical vulnerability” at the end of May.

“We immediately launched an investigation into our use of the tool and took urgent steps to safeguard any data,” an EY representative said.

“We have verified that the vast majority of systems which use this transfer service across our global organisation are secure and were not compromised. We are manually and thoroughly investigating systems where data may have been accessed.

“Our priority is to first communicate to those impacted, as well as the relevant authorities.

“Our investigation is ongoing.”

Medibank believes it has avoided a crisis.

“We continue to investigate and work closely with the vendor, and at this stage we are not aware of any of our customers’ data being compromised,” a spokesperson told The Australian.

PwC is just the latest Australian firm to have fallen victim to a sophisticated cyber attack.

Earlier this month, law firm HWL Ebsworth had data stolen that related to hundreds of clients and spanned at least five years. The firm said in a court hearing it had spent more than 5000 hours battling the hack.

There was also the hack of financial firm Latitude, which saw the passport numbers, driver’s licences and/or Medicare numbers stolen from 333,000 customers.

Last year, Medibank and telco company Optus also lost millions of customers’ data to two separate hacks.

PwC has been on the rocks in recent weeks amid a controversial tax scheme.

In May, the financial services firm’s former head of international tax, Peter Collins, was found to have leaked a confidential government briefing about combating tax avoidance to clients and partners.

Mr Collins has since been banned from acting as a tax practitioner, and federal Treasury has referred the scandal to the Australian Federal Police for a criminal investigation.

PwC Australia chief executive Tom Seymour also resigned after he was revealed to have received emails with confidential Treasury information from Mr Collins.

Last week, the NSW government revealed it would suspend engaging PwC on any new tax work due to the saga.


