Ernst & Young discloses data breach after support system hack
Ernst & Young discloses data breach via compromised third-party support ticket system exposing client tax information.
Summary
Ernst & Young notified customers of a data breach affecting its third-party support ticket system used by IT personnel, where unauthorized access occurred between March 28 and April 12. The compromise exposed personal and financial data contained in tax filing documents submitted through the platform. EY discovered the breach on April 23, secured its systems, notified law enforcement, and is offering affected clients 24 months of identity monitoring through Experian.
Full text
Ernst & Young discloses data breach after support system hack By Bill Toulas July 17, 2026 10:55 AM 1 Ernst & Young is notifying customers of a data breach caused by the compromise of a third-party support ticket system used by its IT personnel. According to the company, support tickets submitted through the platform may have included documents containing client tax information. Ernst & Young (EY) is among the world’s four largest auditing and professional services providers, offering auditing, tax, consulting, and transaction advisory services to major organizations in more than 150 countries. The company employs 406,000 people and reported a global revenue of $53.2 billion last year. The breach notification to affected clients states that Ernst & Young detected anomalous activity on its networks on April 23 and initiated an investigation. With help from external cybersecurity experts, the company determined that an unauthorized third party had accessed the said platform between March 28 and April 12 and downloaded multiple documents. The affected information included certain personal and financial data contained in or used to prepare tax filings. Since the notification sample features a placeholder for the specific data types, the type of the information exposed remains unclear. Also, the company has not shared exactly how many customers were affected or whether the incident impacts only its U.S. customer base or other countries as well. Ernst & Young says it secured its systems and notified federal law enforcement authorities, while it has assured that the unauthorized access has been removed. The company also states that it is not aware of any misuse or further exposure of the stolen files and has no indication that particular individuals were targeted by the threat actors. To mitigate the risks arising from this exposure, EY offers affected clients 24 months of identity monitoring and restoration service through Experian and urges letter recipients to enroll by October 31, 2026. At the time of writing, no data extortion or ransomware groups have taken responsibility for the attack on Ernst & Young. BleepingComputer has contacted EY to learn more about the incident, but we have not yet received a response at the time of publication. Test every layer before attackers do Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection. Get the whitepaper Related Articles: Healthtech firm Xolis suffers data breach impacting 1.4 million peopleSoFi confirms third-party data breach at Hong Kong subsidiaryMedtronic notifies customers impacted by ShinyHunters data breachLastPass confirms data breach in Klue supply chain attackTexas govt data breach exposes over 3 million driver’s licenses