EY Breach Exposes Client Tax Data Files
A compromised third-party IT support system has led to a significant data exposure affecting Ernst & Young clients globally.
Professional services giant Ernst & Young is currently working to address the fallout from a security incident that compromised a third-party support ticket system. The breach, which involved unauthorized access to internal platforms used by IT personnel, potentially exposed sensitive client tax information.
Unauthorized Access to Support Portals
The organization, which operates across more than 150 countries, first identified suspicious activity on its networks on April 23. Subsequent investigations conducted alongside external cybersecurity experts revealed that an unauthorized party had maintained access to a specific support platform for a period lasting from March 28 until April 12. During this window, the threat actor successfully downloaded multiple documents containing client information.
Scope of the Exposure Remains Unclear
While the company has confirmed that the stolen files included data used in the preparation of tax filings, the exact nature of the compromised records remains imprecise. Ernst & Young has yet to disclose the total number of individuals impacted or confirm if the breach was localized to the U.S. or expanded across its global footprint. The firm has also noted that it is not aware of any direct misuse of the stolen files or evidence suggesting that specific individuals were targeted for the operation.
- Global revenue reported by the firm reached $53.2 billion for the last fiscal year.
- The total workforce employed by the organization includes 406,000 individuals.
- Affected clients are being offered 24 months of identity monitoring and restoration services.
- The deadline for enrollment in these protective services is October 31, 2026.
Response and Mitigation Efforts
In the wake of the incident, the firm has moved to secure its systems and notify federal law enforcement authorities. While no ransomware groups or data extortion syndicates have claimed responsibility for the event, the company is urging all affected parties to utilize the provided identity monitoring tools to guard against potential downstream consequences.
The Risks of Third-Party Dependencies
This incident underscores the persistent challenge of securing extended enterprise environments where third-party platforms often act as a gateway for broader network intrusion. For clients, the breach of an intermediary system—even one intended for routine IT support—represents a critical failure in the protection of sensitive financial data. As organizations continue to digitize tax and auditing workflows, the reliance on external ticketing software creates a wider attack surface that requires rigorous scrutiny and proactive testing to ensure vulnerabilities are identified before malicious actors can exploit them.
Continue Reading
AI Spam Filters Falter Against Salting
Modern LLM-powered email security is struggling to identify phishing attempts that use decades-old text-hiding techniques.
GPT-5.6 Data Erasure: An Honest Error?
OpenAI confirms that its latest model occasionally wipes user files, attributing the behavior to internal alignment miscalculations.
Critical Path Traversal Flaw Found in IBM Langflow OSS
A critical vulnerability in IBM Langflow OSS allows for arbitrary file writes, posing a severe risk to systems utilizing the APIRequest component.