Accountancy firm Deloitte is the latest victim of a cyberattack which may have compromised the data of some of its clients. The cyberattack occurred through the company’s email system, Deloitte said in a statement on Monday.

Hackers breached the company’s global email server through an administrator’s account. This theoretically gave them privileged, unrestricted access to all areas. The account did not have two-factor authentication.

The Guardian reports that the cyberattack went unnoticed for months. Deloitte discovered the hack in March, 2017, but the attackers may have had access to the company’s systems since October 2016.

Deloitte said it had contacted those whose data had been accessed, but did not state how many people had been affected or how much information had been compromised.

The firm said it had informed government authorities and regulators of the breach.

“Deloitte remains deeply committed to ensuring that its cybersecurity defenses are best in class, to investing heavily in protecting confidential information and to continually reviewing and enhancing cyber-security.”

Deloitte is a global accountancy firm, which provides auditing, cybersecurity advice, and tax consultancy to clients drawn from major banks, multinationals and government agencies. For the year ending 31 May, the firm reported revenues of $4.6 billion.