On September 25, Deloitte, one of the worlds largest accountancy firms, was involved in a hack that compromised confidential emails and plans of some of the company’s blue-chip clients—originally believed to be a total of six. But when news broke of the company uncovering more clients affected by the hack, housing giants Freddie Mac and Fannie Mae were put into the mix inaccurately.
According to an article by The Guardian, sources speaking under anonymity said the company red-flagged and have been reviewing emails and attachments that could have come from the GSEs and other clients such as the U.S. Departments of State, Energy, Homeland Security, and Defense as well as the U.S. Postal Service. However, Tuesday afternoon, Deloitte put an end to the suspected news.
“Deloitte confirms that Federal National Mortgage Association (Fannie Mae) was not impacted by the cyber incident reported in the media on 9/25/2017 and subsequently on 10/10/2017.”
After further investigation, Deloitte believes the hack started in Fall of 2016 when it was moving its email from an in-house system to Microsoft’s cloud-based 365 service. Using an administrator’s account, the hackers got access to the entire email database, including staff’s correspondence with clients.
Though Fannie Mae and Freddie Mac said they were aware of the cybersecurity incident, neither GSE was aware of any impact to their respective companies.
“We are monitoring the situation closely, and we are working with Deloitte to understand what happened and what additional safeguards it may be considering,” Freddie Mac said in a statement of similar sentiment as Fannie Mae. “We take cybersecurity seriously as it relates to every aspect of our business.”