2 min read

EY says support system hack exposed client tax data

Ernst & Young is notifying clients after attackers accessed a third-party support ticket system and downloaded files that may include tax data.

Image: BleepingComputer

Ernst & Young is notifying customers of a data breach after attackers compromised a third-party support ticket system used by its IT staff. According to the company, support tickets submitted through the platform may have included documents containing client tax information.

EY said in a breach notice to affected clients that it detected anomalous activity on its networks on April 23 and launched an investigation. With help from external cybersecurity experts, the company determined that an unauthorized third party accessed the platform between March 28 and April 12 and downloaded multiple documents.

The exposed information included certain personal and financial data contained in, or used to prepare, tax filings. The exact data types are still unclear because the notification sample includes a placeholder for that detail.

EY is one of the Big Four auditing and professional services firms, operating in more than 150 countries. The company says it employs 406,000 people and reported $53.2 billion in global revenue last year.

Recommended reading

US launches Gold Eagle to hunt software flaws faster

So far, EY has not said how many customers were affected or whether the breach is limited to its U.S. customer base or extends to other countries. The company said it has secured its systems, removed the unauthorized access, and notified federal law enforcement.

EY also said it is not aware of any misuse or further exposure of the stolen files and has no indication that specific individuals were targeted. To reduce risk, the company is offering affected clients 24 months of identity monitoring and restoration services through Experian, with enrollment open until October 31, 2026.

At the time of writing, no data extortion or ransomware group had claimed responsibility for the incident. BleepingComputer said it contacted EY for more details but had not received a response by publication time.

Article image
Article image
Sophia Reynolds

Security Editor

Sophia unpacks the invisible wars happening on our networks. Covering cybersecurity, privacy legislation, and cryptography, she exposes how our data is weaponized and defended. Before joining for(geeks), she spent years as a penetration tester. She's the reason the rest of the team uses physical security keys.

via BleepingComputer

// Keep reading