The ransomware group Brain Cipher has claimed responsibility for a data breach at Deloitte UK, reportedly exfiltrating over 1 terabyte of sensitive data. Brain Cipher, which emerged in June 2024, has gained notoriety for its cyberattacks worldwide, including a significant attack on Indonesia's National Data Center. The group publicized the Deloitte breach, highlighting what they described as elementary security flaws in Deloitte's infrastructure and promising to release further details, including examples of compromised data and an analysis of Deloitte's security tools. A December 15th ransom deadline has been mentioned.
Deloitte UK has yet to confirm the incident or the extent of the data exfiltration. The alleged breach raises concerns about the potential impact on Deloitte's clients and their confidential information, including client data and financial records. Brain Cipher's statement indicated the stolen data included compressed data exceeding 1 TB, and the group has invited Deloitte to private discussions, suggesting a potential ransom negotiation. Cybersecurity experts are closely monitoring the situation given the scale of the alleged data theft and the potential reputational damage to Deloitte.