Editing Deloitte (section)

==Controversies==
===Australian tobacco industry===
In 2011, Deloitte was commissioned by the tobacco industry to compile a report on illicit [[tobacco]]. The [[Australian Customs and Border Protection Service]] officials called the report "potentially misleading", and raised concerns about the "reliability and accuracy" of the data.<ref name=abctobacco>[https://web.archive.org/web/20110816152622/http://www.abc.net.au/mediawatch/transcripts/1118_customs.pdf Australian Customs and Border Protection response to Media Watch], [[Australian Broadcasting Corporation|ABC]]
</ref> When a second Deloitte report focusing on [[counterfeit]] cigarettes was released, Home Affairs Minister [[Brendan O'Connor (politician)|Brendan O'Connor]] described the second report as "baseless and deceptive" and "bogus".<ref>[http://www.news.com.au/national/bogus-smoke-a-2-billion-waste/story-e6frfkvr-1226092757819 Joe Hildebrand] {{Webarchive|url=https://web.archive.org/web/20150406042921/http://www.news.com.au/national/bogus-smoke-a-2-billion-waste/story-e6frfkvr-1226092757819 |date=6 April 2015 }} News.com.au, 12 July 2011</ref> Public health officials criticised Deloitte's decision to conduct the research, as it added credibility to the tobacco industry's effort to undermine the [[Australian Government]]'s [[plain cigarette packaging]] legislation.<ref>[http://www.abc.net.au/unleashed/2783400.html Professor Simon Chapman] {{Webarchive|url=https://web.archive.org/web/20110809041851/http://www.abc.net.au/unleashed/2783400.html |date=9 August 2011 }} ABC Online, 6 July 2011</ref><ref>[http://www.smh.com.au/federal-politics/political-news/study-burns-claims-plain-packaging-would-cost-tobacco-retailers-460m-20120321-1vkac.html Professor Owen Carter], ''[[The Sydney Morning Herald]]'', 22 March 2012</ref>

===COVID-19 vaccine website and patent infringement===
Deloitte was awarded a $44 million no-bid contract by the [[Centers for Disease Control and Prevention]] (CDC) in the United States to build a website to manage scheduling, inventory, and reporting for COVID-19 vaccination.<ref name=":0">{{Cite news|last=Stolberg|first=Sheryl Gay|date=6 February 2021|title=A no-bid contract to track vaccinations leads to frustration and a cease-and-desist letter.|language=en-US|work=The New York Times|url=https://www.nytimes.com/2021/02/06/world/a-no-bid-contract-to-track-vaccinations-leads-to-frustration-and-a-cease-and-desist-letter.html|access-date=7 February 2021|issn=0362-4331}}</ref> However, the website functioned poorly, leading very few states to adopt it for their vaccination management.<ref>{{Cite web|title=What went wrong with America's $44 million vaccine data system?|url=https://www.technologyreview.com/2021/01/30/1017086/cdc-44-million-vaccine-data-vams-problems/|access-date=30 January 2021|website=MIT Technology Review|language=en}}</ref><ref name=":0" />

In August 2020, a patent attorney for Tiffany Tate, the executive director of the Multi-State Partnership for Prevention (MSPP), issued a [[cease and desist]] letter accusing Deloitte and the CDC of stealing Tate's intellectual property for a mass vaccination tracker for use in tracking [[COVID-19 vaccine|vaccinations]] for [[COVID-19 pandemic|COVID-19]]. Tate had earlier demonstrated software to the CDC that would help automate key aspects of delivering mass vaccinations. Deloitte was present during that presentation and was identified by the CDC as a consultant. Under the [[First presidency of Donald Trump|Trump administration]], the CDC awarded a [[no bid]] contract to Deloitte to build a vaccine administration management system, even though MSPP had offered such a system at a lower price. Later, the CDC awarded a second contract to Deloitte, with both contracts totaling {{USD}}43.9 million. Tate's attorney said that Deloitte's system "has the identical structure, mirrors the functionality, and duplicates the same features" as MSPP's system. The attorney also commented that Deloitte tried to hire Ms. Tate to work on the project.<ref>{{Cite news|last=Stolberg|first=Sheryl Gay|date=6 February 2021|title=Immunization Expert Accuses C.D.C. and Deloitte of Stealing Her Idea|newspaper=The New York Times|url=https://www.nytimes.com/2021/02/06/us/politics/coronavirus-vaccines.html}}</ref><ref>[https://int.nyt.com/data/documenttools/cease-and-desist-letter/8f6900be59536352/full.pdf Cease and desist letter]</ref>

===E-mail hack===
In September 2017, ''[[The Guardian]]'' reported that Deloitte suffered a cyberattack that breached the confidentiality of its clients and 244,000 staff, allowing the attackers to access "usernames, passwords, IP addresses, architectural diagrams for businesses and health information". Reportedly, Deloitte had stored the affected data in Microsoft's [[Microsoft Azure|Azure]] cloud hosting service, without [[two-step verification]]. The attackers were thought to possibly have had access from as early as October 2016.<ref name="guardsep2017">{{cite web|url=https://www.theguardian.com/business/2017/sep/25/deloitte-hit-by-cyber-attack-revealing-clients-secret-emails|title=Deloitte hit by cyber-attack revealing clients' secret emails|first=Nick|last=Hopkins|date=25 September 2017|access-date=10 October 2017|website=The Guardian}}</ref> [[Brian Krebs]] reported that the breach affected all of Deloitte's email and [[Superuser|administrative user]] accounts.<ref>{{cite web|url=https://krebsonsecurity.com/2017/09/source-deloitte-breach-affected-all-company-email-admin-accounts/|title=Source: Deloitte Breach Affected All Company Email, Admin Accounts – Krebs on Security|website=krebsonsecurity.com|date=26 September 2017 |access-date=10 October 2017}}</ref><ref>{{cite magazine|url=https://www.wired.com/story/security-news-of-the-week-deloitte-sonic-whole-foods-breach/|title=Security News This Week: The Deloitte Breach Was Worse Than We Thought|magazine=Wired|access-date=9 November 2017}}</ref> A later report by ''The Wall Street Journal'' repeated Deloitte's statement that only a few clients were affected. Deloitte said that neither its services nor its clients' businesses were disrupted. Deloitte reportedly first noticed suspicious activity in April 2017. Deloitte said that no sensitive information was compromised and that its investigators were eventually able to read every email obtained by the hackers.<ref name="WallCyber">{{cite news|last1=Rapoport|first1=Michael|title=New York Investigates Deloitte Cyberbreach|newspaper=The Wall Street Journal|date=13 October 2017}}</ref>

In October 2017, ''The Guardian'' reported that client accounts compromised in the breach included, but were not limited to, the [[US Department of Defense]], the [[US Department of Homeland Security]], the [[US State Department]], the [[US Department of Energy]], mortgage companies [[Fannie Mae]] and [[Freddie Mac]], the [[National Institutes of Health]] (NIH), and the [[US Postal Service]].<ref>{{cite web|url=https://www.theguardian.com/business/2017/oct/10/deloitte-hack-hit-server-containing-emails-from-across-us-government|title=Deloitte hack hit server containing emails from across US government|first=Nick|last=Hopkins|date=10 October 2017|access-date=10 October 2017|website=The Guardian}}</ref> Fannie Mae and Freddie Mac issued statements saying they were not affected by the attack and denied that any of their data was compromised.<ref name="BankerCyber">{{cite news|last1=Berry|first1=Kate|title=Fannie, Freddie not affected by Deloitte breach, GSEs say|url=https://www.americanbanker.com/news/fannie-freddie-not-impacted-by-deloitte-breach-gses-say|access-date=6 December 2017|publisher=American Banker|date=10 October 2017}}</ref>

Deloitte said that it immediately contacted legal authorities and six clients. Deloitte also increased security measures on the advice of both internal and external experts.<ref name="ReutersCyber">{{cite news|last1=Sandle|first1=Paul|last2=Finkle|first2=Jim|title=Deloitte hacked, says 'very few' clients affected|url=https://www.reuters.com/article/us-deloitte-cyber/deloitte-hacked-says-very-few-clients-affected-idUSKCN1C01PB|access-date=6 December 2017|work=Reuters|issue=25 September 2017}}</ref> As of October 2017, the New York attorney general's office was investigating the hack.<ref name="WallCyber"/>

===Carillion===
Deloitte had acted as internal auditor at construction and services giant [[Carillion]] before it went into liquidation in January 2018. The "excoriating" and "damning" (''[[The Guardian]]'')<ref name="Davies-16May2018">{{cite news|last1=Davies|first1=Rob|title='Recklessness, hubris and greed' – Carillion slammed by MPs|url=https://www.theguardian.com/business/2018/may/16/recklessness-hubris-and-greed-carillion-slammed-by-mps|access-date=16 May 2018|work=The Guardian|date=16 May 2018}}</ref> final report of the Parliamentary inquiry into Carillion's collapse was published on 16 May 2018, and criticised Deloitte for its involvement in the company's financial reporting practices:
{{blockquote|Deloitte were responsible for advising Carillion’s board on risk management and financial controls, failings in the business that proved terminal. Deloitte were either unable to identify effectively to the board the risks associated with their business practices, unwilling to do so, or too readily ignored them.<ref name="Carillion report conclusion">{{cite book|title=Carillion: Second Joint report from the Business, Energy and Industrial Strategy and Work and Pensions Committees of Session 2017–19|url=https://publications.parliament.uk/pa/cm201719/cmselect/cmworpen/769/769.pdf|date=2018|publisher=House of Commons|location=London|page=91|access-date=16 May 2018}}</ref>}}

The select committee chairs (Frank Field and Rachel Reeves) called for a complete overhaul of Britain's corporate governance regime, accusing the big four accounting firms of operating as a "cosy club".<ref name="Davies-16May2018"/> Deloitte said it was "disappointed" with the committees' conclusions regarding its role as internal auditors, but would take on board any lessons that could be learned from Carillion's collapse.<ref name="Davies-16May2018"/>

=== US unemployment portals ===
Deloitte Consulting has been heavily involved in building unemployment insurance web portals across various US states, including Ohio, Colorado and Illinois. In May 2020, following a wave of applications resulting from the [[COVID-19 pandemic]], it was revealed that major security weaknesses existed in the web portals of these states. Personal information of unemployed applicants, including addresses and Social Security numbers, was exposed and viewable by the public. Following the revelation, proposed class actions were filed against the company.<ref>{{Cite web|title=Deloitte Sued Over Pandemic Unemployment Website Data Breaches|url=https://news.bloomberglaw.com/privacy-and-data-security/deloitte-sued-over-pandemic-unemployment-website-data-breaches|access-date=22 June 2020|website=news.bloomberglaw.com|language=en}}</ref>

The controversy follows similar short-fallings in Florida's unemployment portal. The CONNECT site, designed by Deloitte, was described as a "colossal failure" as it was created over-budget, delivered late, and did not work. Again, individuals laid off during the COVID pandemic were particularly vulnerable as they were out of jobs and unable to receive unemployment assistance. In May 2020, an investigation was ordered by Florida Governor [[Ron DeSantis]], finding that Deloitte ran insufficient stress testing.<ref>{{Cite web|title=Report: Company behind flawed unemployment website says Florida got what it asked for|url=https://www.wtsp.com/article/money/business/connect-website-florida-unemployment-deloitte/67-644f9528-3b11-4080-bad9-fdca8f6cfb37|access-date=22 June 2020|website=wtsp.com| date=10 May 2020 |language=en-US}}</ref><ref>{{Cite web |last=Downey |first=Renzo |date=2021-03-05 |title=CONNECT investigation first findings: Deloitte ran insufficient stress testing |url=https://floridapolitics.com/archives/409408-connect-investigation-first-findings-deloitte-ran-insufficient-stress-testing/ |access-date=2024-08-14 |website=[[Florida Politics]] |language=en-US}}</ref>

=== Tingo ===
A Deloitte network firm named Brightman Almagor Zohar & Co., sometimes known as Deloitte Israel, gave an unqualified audit opinion on the accounts of [[Tingo Group]], Inc for 2022.<ref>{{Cite web |title=ANNUAL REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934 For the fiscal year ended December 31, 2022....TINGO GROUP, INC. |url=https://www.sec.gov/Archives/edgar/data/854800/000121390023025186/f10k2022_tingogroupinc.htm#:~:text=Determine%20the%20Accounting%20Acquirer%20and%20Evaluate%20the%20Valuation%20and%20Balance%20Sheet%20Presentation%20of%20the%20Consideration%20%E2%80%93%20Acquisition%20of%20Tingo%20Mobile%20Ltd%20%E2%80%93%20Refer%20to%20Note%2013%20to%20the%20Fi |access-date=2024-01-04 |website=United States Securities and Exchange Commission.}}</ref> This became controversial when a report by [[Hindenburg Research]] identified "obvious errors" in Tingo's financials, making Hindenburg "suspect Deloitte Israel missed or rushed through procedures that would have uncovered important findings",<ref>{{Cite web |date=2023-06-06 |title=Tingo Group: Fake Farmers, Phones, and Financials—The Nigerian Empire That Isn't – Hindenburg Research |url=https://hindenburgresearch.com/tingo/ |access-date=2024-01-04 |language=en-US}}</ref> and the [[U.S. Securities and Exchange Commission]] accused Tingo Group and others of a fraud of "staggering" scope.<ref>{{Cite web |date=2023-12-18 |title=Case 1:23-cv-10928 Document 1 |url=https://www.sec.gov/files/litigation/complaints/2023/comp25913.pdf |access-date=2024-01-04 |website=United States Securities and Exchange Commission}}</ref><ref>{{Cite news |title=SEC charges fintech Tingo chief with 'massive' fraud after Hindenburg short position |url=https://www.ft.com/content/228fac01-1e93-4162-8f14-dcac297a44ad |access-date=2024-01-04 |newspaper=Financial Times|date=18 December 2023 |last1=Quinio |first1=Akila |last2=Adeoye |first2=Aanu }}</ref>