HomeCyber BalkansEY Data Breach: Hackers Compromise Third-Party IT Support Platform and Steal Client...

EY Data Breach: Hackers Compromise Third-Party IT Support Platform and Steal Client Tax Documents

Published on

spot_img

Ernst & Young Confirms Major Data Security Breach Affecting Client Information

Ernst & Young LLP (EY) has confirmed a significant data security incident following a breach of a third-party information technology service management platform utilized by its tax practice. This breach reportedly allowed unauthorized individuals to gain access to sensitive documents containing personal and financial information of clients.

The firm took immediate action by filing formal notifications regarding the breach with the California Attorney General’s office on July 15, 2026, while individual notification letters were sent to the affected clients, dated July 13, 2026. These letters indicated that EY was actively informing those impacted about the incident.

EY has emphasized its reliance on a third-party IT service management platform to facilitate its internal IT teams’ support functions for various tax-related activities involving clients. However, in a common yet potentially risky IT support workflow, support tickets submitted through this platform often included attachments containing sensitive client tax documentation—a practice that raises security concerns in any corporate environment.

On April 23, 2026, EY’s Information Security team detected unusual activity within the platform, leading to an immediate activation of incident response protocols aimed at determining the extent of the breach, containing the security incident, and initiating recovery processes. Investigations conducted in collaboration with an independent cybersecurity firm revealed that unauthorized access had commenced weeks earlier, specifically between March 28 and April 12, 2026. This lack of detection for approximately two weeks provided attackers with a substantial opportunity to explore and extract documents related to numerous EY clients.

The breach exposed sensitive information including personal details about clients’ investment portfolios, as well as financial data associated with their tax filings. Since the specific data elements varied by recipient, EY’s notification letters contained placeholders for certain categories like Social Security numbers but confirmed that both personal identifiers and financial data for tax preparation were compromised.

In particular, a disclosure from Rhode Island noted that the breach had a limited impact, affecting only seven residents from that state. This suggests that while the breach may have involved numerous clients, the total number of victims does not appear to be overwhelmingly large.

Upon discovering the breach, EY secured its systems and initiated a forensic investigation with the help of external specialists while also notifying federal law enforcement. The firm stated that unauthorized access had been ceased, affected systems were made secure, and it found no evidence indicating misuse or that any individual’s data had been specifically targeted.

As a form of remediation for affected clients, EY is offering 24 months of complimentary credit and identity monitoring services through Experian’s IdentityWorks, along with identity restoration services. Enrollment in these services is required by October 31, 2026.

This incident marks EY’s second significant data exposure event in under a year. In October 2025, Neo Security researchers identified a publicly accessible 4TB SQL Server backup file on Microsoft Azure due to a misconfiguration during a cloud migration. Although EY indicated that this exposure was limited to an entity acquired by EY Italy and did not affect client or global systems, the current incident reveals confirmed unauthorized access and data exfiltration, impacting client tax records across its institutional client base.

The recent breach highlights a continuing enterprise risk associated with support-ticketing systems that often serve as unintended repositories for sensitive client documentation. These systems, which routinely ingest client attachments for troubleshooting purposes, may not receive the same level of security scrutiny as core financial infrastructures.

As organizations face evolving threats in the digital landscape, the importance of stringent data security practices and training for employees becomes ever more critical. The EY incident serves as a stark reminder that even well-established firms must remain vigilant in safeguarding client data against unauthorized access and breaches that could have far-reaching consequences for both the firm and its clients.

With an increasing reliance on third-party services and cloud-based solutions for operational efficiency, companies must prioritize comprehensive cybersecurity measures and robust incident response protocols to protect sensitive information. The EY breach serves as a cautionary tale for enterprises navigating the complexities of modern data management and security.

Source link

Latest articles

GigaWiper by CyberMaterial and Sofia

GigaWiper: The Malware that Redefines Cyber Threats In the realm of cybersecurity, malware has traditionally...

UK Cyber Attacks Increase by 34% as Ransomware Leadership Changes, According to Check Point Research

In June 2026, organizations in the United Kingdom faced an alarming average of 1,589...

1Password Integrates with Claude AI for Enhanced Secure Authentication

1Password Integrates with Anthropic's Claude AI: Enhancing Secure Authentication In a significant advancement in digital...

More like this

GigaWiper by CyberMaterial and Sofia

GigaWiper: The Malware that Redefines Cyber Threats In the realm of cybersecurity, malware has traditionally...

UK Cyber Attacks Increase by 34% as Ransomware Leadership Changes, According to Check Point Research

In June 2026, organizations in the United Kingdom faced an alarming average of 1,589...