Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons

Social Media

Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons
Search the Site
Popular Searches:
technology Amazon AI
Recent Posts
EY Data Breach: Attackers Access IT Support, Download Documents
July 17, 2026
Ransomware Attack Halts Fairlife Production Across US
July 17, 2026
PentestCode AI Agent Automates Pen Testing with 18 Specialized Tools
July 17, 2026
Home/CyberSecurity News/EY Data Breach: Attackers Access IT Support, Download Documents
CyberSecurity News

EY Data Breach: Attackers Access IT Support, Download Documents

Key Takeaways Ernst & Young (EY) disclosed a data breach affecting a third-party IT support platform. Unauthorized access occurred between March 28, 2026, and April 12, 2026, leading to the...

Emy Elsamnoudy
Emy Elsamnoudy
July 17, 2026 3 Min Read
2 0

Key Takeaways

  • Ernst & Young (EY) disclosed a data breach affecting a third-party IT support platform.
  • Unauthorized access occurred between March 28, 2026, and April 12, 2026, leading to the download of client tax documents.
  • The compromised data includes personal investment holdings and financial information used for tax preparation.
  • This incident is distinct from previous EY security disclosures, highlighting persistent challenges in third-party vendor security.

EY Discloses Client Tax Data Breach Via IT Support Platform

Ernst & Young LLP (EY), one of the “Big Four” accounting and consulting firms, has begun notifying clients about a security incident involving a third-party support ticket system. An unauthorized actor gained access to this platform, subsequently downloading documents that contained sensitive client tax information over a period of approximately two weeks this spring.

Table Of Content

  • Key Takeaways
  • EY Discloses Client Tax Data Breach Via IT Support Platform
  • Incident Details and Timeline
  • Impacted Data and Previous Incidents
  • The Growing Threat to IT Service Platforms
  • What You Should Do

Details of the breach were officially filed with the California Attorney General’s office on July 15, 2026, confirming the scope and nature of the compromise.

Incident Details and Timeline

According to EY’s notification letter, dated July 13, 2026, the firm utilizes an external IT service management platform. This system is designed to facilitate support for internal teams engaged in client-related tax work. Critically, support tickets submitted through this platform frequently included attachments containing confidential client tax information—a common, yet high-risk, practice within enterprise IT support operations.

EY’s internal security teams first detected unusual activity within the platform on April 23, 2026, promptly initiating their incident response protocols. A subsequent investigation, conducted with the assistance of an independent cybersecurity firm, revealed that the unauthorized access had actually commenced much earlier, specifically between March 28, 2026, and April 12, 2026. During this window, the attacker managed to download various documents related to numerous EY clients before the intrusion was identified.

The nearly three-week gap between the initial compromise and its detection provided a significant opportunity for the attackers to exfiltrate data without immediate intervention.

Impacted Data and Previous Incidents

The documents accessed by the unauthorized party contained personal information linked to individuals’ investment portfolios with EY’s institutional clients. Additionally, financial details essential for preparing tax filings were also exposed. EY’s letter said that, at present, there is no evidence suggesting the misuse of the exposed data or that specific individuals were deliberately targeted.

This latest incident is separate from other recent security lapses experienced by EY. In October 2025, a 4TB SQL Server backup associated with EY’s Italian entity was found publicly accessible on Azure storage by security researchers. Furthermore, EY was impacted in 2023 by the widespread exploitation of the MOVEit Transfer vulnerability, which affected over 30,000 individuals.

The Growing Threat to IT Service Platforms

Cyber adversaries are increasingly focusing their attacks on IT service management and helpdesk platforms. These systems are attractive targets because support tickets often consolidate sensitive attachments from numerous clients into a single environment, which may sometimes lack adequate security measures. For a global firm like EY, which handles tax data for financial institutions worldwide, a compromised support system can lead to a cascading exposure affecting a multitude of downstream clients and their end customers, thereby escalating both regulatory scrutiny and reputational damage.

What You Should Do

  • Review Third-Party Vendor Security: Organizations should conduct thorough security assessments of all third-party IT service providers, paying close attention to data handling practices and incident response capabilities.
  • Implement Data Minimization: Limit the amount of sensitive data attached to support tickets. Explore secure alternatives for sharing confidential information.
  • Enhance Monitoring: Implement robust monitoring and logging on all IT service management platforms to detect anomalous activity promptly.
  • Strengthen Access Controls: Ensure stringent access controls, multi-factor authentication (MFA), and regular access reviews for all users of IT support systems, especially those with access to sensitive client data.
  • Educate Staff: Train IT support staff on secure data handling practices and the risks associated with attaching sensitive information to support tickets.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.

Tags:

AttackBreachCybersecurityExploitSecurityVulnerability

Share Article

Emy Elsamnoudy

Emy Elsamnoudy

Emy is a cybersecurity analyst and reporter specializing in threat hunting, defense strategies, and industry trends. With expertise in proactive security measures, Emily covers the tools and techniques organizations use to detect and prevent cyber attacks. She is a regular speaker at security conferences and has contributed to industry reports on threat intelligence and security operations. Emily's reporting focuses on helping organizations improve their security posture through practical, actionable insights.

Previous Post

Ransomware Attack Halts Fairlife Production Across US

No Comment! Be the first one.

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Popular Posts
ClickLock macOS Stealer Kills Apps, Forces Password Entry
July 17, 2026
Top 10 Identity Threat Detection and Response (ITDR) Solutions for 2026
July 17, 2026
GPT-5.6 Codex Bug Deletes Files From Home Directories
July 17, 2026
Top Authors
Marcus Rodriguez
Marcus Rodriguez
Emy Elsamnoudy
Emy Elsamnoudy
Jennifer sherman
Jennifer sherman
Let's Connect
156k
2.25m
285k

Related Posts

Jennifer sherman
By Jennifer sherman
Threats

GlassWorm Attacks macOS via Malicious VS Code…

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Attacks

ClickFix Attack Hides Malicious Code via Stegan Security

January 1, 2026
Sarah simpson
By Sarah simpson
Vulnerabilities

MongoBleed Detector Tool Released to Detect MongoDB Vulnerability(CVE-2025-14847)

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Breaches

Conti Ransomware Gang Leaders & Infrastructure Exposed

January 1, 2026
Hackers News Hackers News
  • [email protected]

Quick Links

  • Contact Us
  • Privacy Policy
  • Terms of service

Categories

Attacks
Breaches
Comparisons
CyberSecurity News
Threats
Vulnerabilities

Let's keep in touch

receive fresh updates and breaking cyber news every day and week!

All Rights Reserved by HackersRadar ©2026

Follow Us