Ernst & Young disclosed a data breach stemming from a third-party support ticket system hack. Compromised client tax information may have been accessed, impacting privacy and security for affected customers.
Ernst & Young (EY) notified customers about a data breach caused by the compromise of a third-party support ticket system used for IT support. Anomalous activity was detected on April 23, leading to an investigation that revealed unauthorized access from March 28 to April 12.
During this period, the attacker accessed and downloaded multiple documents that included client tax information, posing risks to clients' personal and financial data.
EY has since secured its systems and involved federal law enforcement authorities in the investigation. The company emphasized that it has removed the unauthorized access and is currently unaware of any misuse of the compromised files. Specifics about the type of data accessed and the number of clients affected have not been disclosed.
To combat potential risks from the breach, EY is offering affected clients 24 months of identity monitoring and restoration services via Experian. Clients are urged to enroll in these services by October 31, 2026, to mitigate identity theft and other associated risks.
The lack of clarity around the types of data exposed and the geographic scope of affected clients points to the need for enhanced cybersecurity measures within the company.
As one of the largest auditing firms globally, this incident highlights vulnerabilities in service provider security and the significant impact such breaches can have on client trust. Although no specific individuals were reportedly targeted, the breach raises concerns about the security practices of third-party systems utilized by major corporations.
β¨ This summary was generated by AI from the outlets' reporting listed below. It is not independently verified and may contain errors β check the original sources. How BrevFeed works β
Ernst & Young disclosed a data breach stemming from a third-party support ticket system hack. Compromised client tax information may have been accessed, impacting privacy and security for affected customers.