Leak at Deloitte
On 4 December 2024, the Brain Cipher ransomware group publicly claimed to have stolen over 1 TB of data from Deloitte UK; Deloitte said the allegations related to a single client's system outside its own network and that no Deloitte systems were impacted.
- Victim
- Deloitte
On 4 December 2024, Deloitte β the "Big Four" professional services and consulting firm β was named on the leak site of the Brain Cipher ransomware group, which claimed to have exfiltrated more than 1 terabyte of data (described as the compressed volume) from Deloitte UK. The gang threatened to publish the files unless a ransom was paid.
Deloitte disputed the framing of the claim. The firm stated that its investigation indicated the allegations related to "a single client's system which sits outside of the Deloitte network" and that "no Deloitte systems have been impacted." No independent confirmation of the alleged dataset's contents or provenance was published alongside the claim.
Brain Cipher is a ransomware-as-a-service operation first seen in 2024, whose payloads have been linked to leaked LockBit 3.0 code. The group made the Deloitte claim as part of a double-extortion campaign, pairing a data-theft allegation with a public deadline.
- Alleged volume: over 1 TB (claimed, compressed)
- Data categories: not independently verified
- Actor: Brain Cipher ransomware group
- Vector: claimed compromise of a client-operated system (per Deloitte), not Deloitte's own network
Status remains unconfirmed: the breach claim was contested by Deloitte and the leaked data was not independently validated.
Sources
- cybersecuritynews.comhttps://cybersecuritynews.com/deloitte-hacked/
- securityweek.comhttps://www.securityweek.com/deloitte-responds-after-ransomware-groups-claims-data-theft/
- securityaffairs.comhttps://securityaffairs.com/171827/cyber-crime/deloitte-denied-its-systems-were-hacked-by-brain-cipher-ransomware-group.html