Deloitte has become the latest major corporation to fall victim to hackers, with rumors suggesting five mln emails are at risk.

Reports surfacing Tuesday mention six “blue-chip” customers across the firm’s international presence have felt an “impact” from a hack which “went unnoticed for months,” according to the Guardian.

A dedicated task force is attempting to find the source of the attack, while blame is already pointing to lax security setups.

Like the now infamous Equifax breach which surfaced earlier this month, Deloitte’s cache of 244,000 staff emails were accessed from an ‘admin’ account which lacked even two-factor authentication.

Hackers also “had potential access to usernames, passwords, IP addresses, architectural diagrams for businesses and health information,” the publication continues, adding that “some emails had attachments with sensitive security and design details.”

Despite senior executives knowing about the events, as with Equifax, official acknowledgment has come only months afterwards.

Responding, Civic CEO Vinny Lingham suggested Deloitte’s competing platform could learn from the Blockchain-based decentralized model his company employed in the identity sphere.

Deloitte itself meanwhile refuted the idea that millions of emails were involved. A spokesperson said:

“Our review enabled us to determine what the hacker did and what information was at risk as a result. That amount is a very small fraction of the amount that has been suggested.”