EY Data Breach – Hackers Gain Access to IT Support System and Download Documents

EY Data Breach – Hackers Gain Access to IT Support System and Download Documents










Ernst & Young LLP (EY) is notifying clients that an unauthorized third party breached a support ticket platform used by its IT staff, downloading documents containing client tax data during a roughly two-week window this spring.

The Big Four accounting and consulting giant filed breach notifications with the California Attorney General’s office on July 15, 2026, confirming the incident’s scope.

According to EY’s notification letter dated July 13, 2026, the firm uses a third-party IT service management platform to help its information technology personnel support internal teams handling tax-related client work.

Support tickets submitted through this platform routinely included attachments containing sensitive client tax information, a common but risky practice in enterprise IT support workflows.

EY Data Breach

EY identified anomalous activity within the platform on April 23, 2026, and immediately triggered its incident response procedures. Working with an independent cybersecurity firm, EY’s investigation determined that an unauthorized third party had actually accessed the platform earlier between March 28, 2026, and April 12, 2026, and downloaded documents pertaining to a number of EY clients before the intrusion was detected.

That gap of roughly three weeks between initial compromise and detection meant attackers had a substantial window to exfiltrate data undetected.

The compromised documents contained personal information tied to individuals’ investment holdings with EY’s institutional clients, along with financial information used in preparing tax filings.

EY’s letter said that it has no current evidence of misuse of the exposed data or indication that specific individuals were deliberately targeted.

Notably, this incident is separate from other recent EY security lapses, including a 4TB SQL Server backup exposure tied to EY’s Italian entity that was disclosed in October 2025 after researchers found it publicly accessible on Azure storage.

EY previously suffered a breach in 2023 tied to the mass-exploited MOVEit Transfer vulnerability affecting over 30,000 individuals.

Attackers increasingly target IT service management and helpdesk platforms because support tickets often aggregate sensitive attachments across many clients in a single, sometimes under-secured, third-party environment.

For a firm like EY that processes tax data for financial institutions globally, a single compromised support system can cascade into exposure affecting numerous downstream clients and their end customers, amplifying both regulatory scrutiny and reputational fallout.

 Strengthen Your SOC by Accelerating Threat Detection & Rapid Investigations. -> Integrate ANY.RUN With Your SOC Now.

The post EY Data Breach – Hackers Gain Access to IT Support System and Download Documents appeared first on Cyber Security News.






Guru Baran





Go to cyber-security-news





Posted

in

, ,

by