A hack at global accounting firm Deloitte disclosed in September compromised a server with emails of some 350 clients, including U.S. government agencies and large corporations, the Guardian reported on Tuesday, citing unnamed sources.
Deloitte disputed the story, saying "very few" clients were affected" in a statement emailed to Reuters.
"We take any attack on our systems very seriously," the statement said. "We are confident that we know what information was targeted and what the hacker actually did."
Deloitte said on 25 September that it was the victim of a cyber attack that affected the data of a small number of clients, providing few details on the breach.
Deloitte said in a statement that attackers accessed data from the company's email platform, confirming some details in a report by the Guardian newspaper, which broke news of the hack in late September.
The attack appeared to target the firm's US operations, was discovered in March and could have begun as early as October 2016, according to the Guardian. Deloitte's statement did not confirm those details.
The breach at Deloitte, which says its customers include 80 per cent of the Fortune 500, is the latest in a series of breaches involving organisations that handle sensitive financial data that have rattled lawmakers, regulators and consumers.
"These are targeted attacks on financial opportunity," said Shane Shook, an independent consultant who helps financial firms investigate cyber attacks. "This trend is going to continue to grow."
The firm said it contacted government authorities immediately after it became aware of the incident, and notified each of the "very few clients" that had been affected.
(Reporting by Jim Finkle in Toronto; Editing by Susan Thomas and James Dalgleish – additional reporting by Paul Sandle and Jim Finkle; editing by Jane Merriman and Meredith Mazzilli)