Deloitte has issued a statement in response to a ransomware group’s claims regarding the theft of a significant amount of information belonging to the company. 

The ransomware group calling itself Brain Cipher listed Deloitte UK on its Tor-based website last week, claiming to have obtained over one terabyte of data (they claim this is the volume of the data when compressed).

The hackers are threatening to make the stolen files available in five days from now, unless a ransom is paid. 

“We are aware of the claims by the threat actor,” a Deloitte spokesperson told SecurityWeek. “Our investigation indicates that the allegations relate to a single client’s system which sits outside of the Deloitte network. No Deloitte systems have been impacted.”

Brain Cipher has been around since at least April 2024, but it became known in June, after it targeted an Indonesian data center and caused significant disruption to government and other critical services in the country. 

The threat group has targeted dozens of organizations, including in the healthcare, education and manufacturing sectors. They deliver file-encrypting malware that is based on LockBit, and also steal data from victims. Some ties have been found to the ransomware groups named SenSayQ and EstateRansomware.

This is the second time Deloitte has had to respond to hacking claims in recent months. In September, the notorious hacker IntelBroker claimed to have stolen sensitive data, but the audit and consulting giant said at the time that impact was limited.

Related: BT Investigating Hack After Ransomware Group Claims Theft of Sensitive Data

Related: Energy Sector Contractor ENGlobal Targeted in Ransomware Attack

Related: Two UK Hospitals Hit by Cyberattacks, One Postponed Procedures