{"id":14396,"date":"2026-07-18T10:03:40","date_gmt":"2026-07-18T10:03:40","guid":{"rendered":"https:\/\/serisec.com\/index.php\/2026\/07\/18\/ey-data-breach-hackers-gain-access-to-it-support-system-and-download-documents\/"},"modified":"2026-07-18T10:03:40","modified_gmt":"2026-07-18T10:03:40","slug":"ey-data-breach-hackers-gain-access-to-it-support-system-and-download-documents","status":"publish","type":"post","link":"https:\/\/serisec.com\/index.php\/2026\/07\/18\/ey-data-breach-hackers-gain-access-to-it-support-system-and-download-documents\/","title":{"rendered":"EY Data Breach \u2013 Hackers Gain Access to IT Support System and Download Documents"},"content":{"rendered":"<p>    EY Data Breach \u2013 Hackers Gain Access to IT Support System and Download Documents<br \/>\n \t<BR><br \/>\n<BR><\/BR><br \/>\n    <!-- no image --><br \/>\n \t<BR><br \/>\n<BR><\/BR><\/p>\n<div>\n<p class=\"wp-block-paragraph\">Ernst &amp; Young LLP (EY) is notifying clients that an unauthorized third party breached a support ticket platform used by its IT staff, downloading documents containing client tax data during a roughly two-week window this spring.<\/p>\n<p class=\"wp-block-paragraph\">The Big Four accounting and consulting giant filed breach notifications with the California Attorney General\u2019s office on July 15, 2026, confirming the incident\u2019s scope.<\/p>\n<p class=\"wp-block-paragraph\">According to EY\u2019s notification letter dated July 13, 2026, the firm uses a <a href=\"https:\/\/cybersecuritynews.com\/chinese-apt-group-it-service-provider\/\" target=\"_blank\" rel=\"noreferrer noopener\">third-party IT service<\/a> management platform to help its information technology personnel support internal teams handling tax-related client work. <\/p>\n<p class=\"wp-block-paragraph\">Support tickets submitted through this platform routinely included attachments containing sensitive client tax information, a common but risky practice in enterprise IT support workflows.<\/p>\n<h2 id=\"h-ey-data-breach\" class=\"wp-block-heading\"><strong>EY Data Breach<\/strong><\/h2>\n<p class=\"wp-block-paragraph\">EY identified anomalous activity within the platform on April 23, 2026, and immediately triggered its incident response procedures. Working with an independent cybersecurity firm, EY\u2019s investigation determined that an unauthorized third party had actually accessed the platform earlier between March 28, 2026, and April 12, 2026, and downloaded documents pertaining to a number of EY clients before the intrusion was detected.<\/p>\n<p class=\"wp-block-paragraph\">That gap of roughly three weeks between initial compromise and detection meant attackers had a substantial window to exfiltrate data undetected.<\/p>\n<p class=\"wp-block-paragraph\">The compromised documents contained personal information tied to individuals\u2019 investment holdings with EY\u2019s institutional clients, along with financial information used in preparing tax filings.<\/p>\n<p class=\"wp-block-paragraph\"><a href=\"https:\/\/oag.ca.gov\/system\/files\/EY%20Notice%20Letter%20US%20General.pdf\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">EY\u2019s letter said that<\/a> it has no current evidence of misuse of the exposed data or indication that specific individuals were deliberately targeted. <\/p>\n<p class=\"wp-block-paragraph\">Notably, this incident is separate from other <a href=\"https:\/\/cybersecuritynews.com\/ey-data-leak\/\" target=\"_blank\" rel=\"noreferrer noopener\">recent EY security lapses, including a 4TB SQL Server backup<\/a> exposure tied to EY\u2019s Italian entity that was disclosed in October 2025 after researchers found it publicly accessible on Azure storage.<\/p>\n<p class=\"wp-block-paragraph\">EY previously suffered a breach in 2023 tied to the mass-exploited <a href=\"https:\/\/cybersecuritynews.com\/moveit-hack-mass-hack\/\" target=\"_blank\" rel=\"noreferrer noopener\">MOVEit Transfer<\/a> vulnerability affecting over 30,000 individuals.<\/p>\n<p class=\"wp-block-paragraph\">Attackers increasingly target IT service management and helpdesk platforms because support tickets often aggregate sensitive attachments across many clients in a single, sometimes under-secured, third-party environment.<\/p>\n<p class=\"wp-block-paragraph\">For a firm like EY that processes tax data for financial institutions globally, a single compromised support system can cascade into exposure affecting numerous downstream clients and their end customers, amplifying both regulatory scrutiny and reputational fallout.<\/p>\n<p class=\"has-text-align-center has-background wp-block-paragraph\" style=\"background:linear-gradient(180deg,rgb(238,238,238) 87%,rgb(169,184,195) 100%)\"><strong>\u00a0Strengthen Your SOC by Accelerating Threat Detection &amp; Rapid Investigations.\u00a0-&gt;\u00a0<a href=\"https:\/\/any.run\/enterprise\/?utm_source=csn&amp;utm_medium=links&amp;utm_campaign=sandbox&amp;utm_content=enterprise&amp;utm_term=0626#contact-sales\" target=\"_blank\" rel=\"noreferrer noopener\">Integrate ANY.RUN With Your SOC\u00a0<\/a><strong><a href=\"https:\/\/any.run\/enterprise\/?utm_source=csn&amp;utm_medium=links&amp;utm_campaign=sandbox&amp;utm_content=enterprise&amp;utm_term=0626#contact-sales\" target=\"_blank\" rel=\"noreferrer noopener\">Now<\/a><\/strong>.<\/strong><\/p>\n<p>The post <a href=\"https:\/\/cybersecuritynews.com\/ey-data-breach\/\">EY Data Breach \u2013 Hackers Gain Access to IT Support System and Download Documents<\/a> appeared first on <a href=\"https:\/\/cybersecuritynews.com\/\">Cyber Security News<\/a>.<\/p>\n<\/div>\n<p> \t<BR><br \/>\n <BR><\/BR><br \/>\n    Guru Baran<br \/>\n \t<BR><br \/>\n<BR><\/BR><br \/>\n<a href=\"https:\/\/cybersecuritynews.com\/ey-data-breach\/\">Go to cyber-security-news<\/a><br \/>\n \t<BR><br \/>\n <BR><\/BR><\/p>\n","protected":false},"excerpt":{"rendered":"<p>EY Data Breach \u2013 Hackers Gain Access to IT Support System and Download Documents Ernst &amp; Young LLP (EY) is notifying clients that an unauthorized third party breached a support ticket platform used by its IT staff, downloading documents containing client tax data during a roughly two-week window this spring. The Big Four accounting and [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[129,63,156],"tags":[130],"class_list":["post-14396","post","type-post","status-publish","format-standard","hentry","category-cyber-security","category-cyber-security-news","category-data-breach","tag-cyber-security-news"],"_links":{"self":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/14396"}],"collection":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/comments?post=14396"}],"version-history":[{"count":0,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/14396\/revisions"}],"wp:attachment":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/media?parent=14396"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/categories?post=14396"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/tags?post=14396"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}