2026-07-19 · view entry permalink →
Ernst & Young discloses a breach of a third-party IT support-ticket platform used by its tax practice, exposing client tax and financial documents
Ernst & Young LLP (EY), one of the "Big Four" audit/tax/consulting networks, filed data-breach notifications with the California and Vermont Attorneys General on 2026-07-15 after determining that an unauthorized third party had accessed a third-party IT service-management (ITSM) platform used by its tax practice (California OAG, 2026-07-15). EY detected anomalous activity on 2026-04-23 and an external forensics firm concluded that the intruder had access "between March 28 and April 12 and downloaded multiple documents" belonging to multiple tax clients — a roughly two-week access window, detected about eleven days after the intruder's access ended (BleepingComputer, 2026-07-17). The platform manages IT support tickets for tax-engagement work, and "support tickets submitted through the platform may include documents containing client tax information" — the financial information used to prepare tax filings (CyberInsider, 2026-07-17); the regulatory notice letter itself redacts the specific data elements involved. EY has not disclosed the initial-access vector, named the compromised third-party platform, stated how many individuals are affected, or said whether non-US clients are impacted; no extortion or ransomware group has claimed the intrusion, and EY is offering 24 months of identity monitoring to affected individuals (BleepingComputer, 2026-07-17).
an unauthorized third party had accessed the said platform between March 28 and April 12 and downloaded multiple documents
Support tickets submitted through the platform may include documents containing client tax information.
Sample of Notice: EY Notice Letter US General.pdf Organization Name: Ernst & Young LLP Date(s) of Breach (if known): Saturday, March 28, 2026 Thursday, April 23, 2026