Deloitte—one of the big four professional services providers—confirmed to the newspaper it had been hit by a hack, but it said only a small number of its clients had been impacted.

The firm discovered the hack in March, according to the Guardian, but the cyber attackers could have had breached its systems as long ago as October or November 2016.

The attack was believed to have been focused on the U.S. operations of the company, which provides auditing, tax advice, and consultancy to multinationals and governments worldwide.

“In response to a cyber incident, Deloitte implemented its comprehensive security protocol and began an intensive and thorough review including mobilizing a team of cybersecurity and confidentiality experts inside and outside of Deloitte,” a spokesman told the newspaper. “As part of the review, Deloitte has been in contact with the very few clients impacted and notified governmental authorities and regulators.”

A Deloitte spokeswoman declined immediate comment, saying that the firm would issue a statement shortly.