Accountancy firm Deloitte was the target of a sophisticated hack that compromised confidential emails and plans of some of its biggest clients, The Guardian said in an exclusive report on Monday. Deloitte confirmed to The Guardian it was a victim of a hack but insisted only a few clients were hit.

The report said the cybersecurity attack on Deloitte – which provides auditing, tax consultancy and cybersecurity advice to some of the world’s biggest banks, media enterprises and government agencies – went unnoticed for months. Six of Deloitte’s clients were told their information was “impacted” by the hack, which Deloitte discovered in March 2017, the report said. But the attackers may have had access to the systems since October or November 2016. The breach was US-focused.

The firm’s global email server was hacked through an “administrator’s account” that gave unrestricted “access to all areas”. Only a handful of Deloitte’s most senior partners and lawyers were informed and an internal inquiry was started, but no headway has been made yet.

Earlier this month, US credit monitoring agency Equifax said the personal data of 14.3 crore United States consumers were accessed by hackers between mid-May and July, in one of the largest data breaches in the United States.