A hacker known as “303” has allegedly breached Deloitte’s systems, leaking sensitive data including GitHub credentials and proprietary source code. The stolen information reportedly belongs to Deloitte’s U.S. consulting division, potentially allowing the attacker to access internal development systems and software projects.
This breach follows a pattern of cybersecurity issues for Deloitte. In December 2024, the Brain Cipher ransomware group claimed responsibility for an attack on the company, though Deloitte maintained that no internal systems were affected. Deloitte’s cybersecurity history goes back further,back in 2017, a breach exposed VPN credentials and operational details on a public GitHub repository, sparking concerns over how the company handles sensitive information.
The hacker “303” has been linked to previous high-profile attacks, including a breach of an Indian software firm that affected major insurance providers. Experts believe this points to a wider campaign targeting large corporations and government agencies, suggesting “303” may be part of a more organised threat group.
The impact of the breach is still unclear, and Deloitte has yet to comment publicly on the incident. However, the exposure of internal credentials and proprietary code could have significant consequences, both for Deloitte’s operations and its clients. The company is reportedly investigating the breach and working with cybersecurity experts to understand its scope.
While Deloitte has faced multiple security challenges, this latest breach highlights the ongoing risks for large consulting firms handling sensitive data. The situation is still developing, and more information is expected as investigations continue.
Author:Oje.Ese