Security Affairs
Ernst & Young (EY) Investigates Data Breach Involving Third-Party Support Tickets|A cyberattack hit Nichirei, one of Japan’s largest food companies|New Russian Campaign Uses Fake Webex and Zoom Installers to Deploy Starland RAT|U.S. CISA adds KNX Association KNX Protocol Connection Authorization Option 1 and Oracle flaws to its Known Exploited Vulnerabilities catalog|Two Scattered Spider Members Sentenced to Prison Over £29 Million TfL Cyberattack|TuxBot v3: The IoT Botnet Built With AI – Bugs, Disclaimers and All|Claude Code and DeepSeek Powered Chinese Cyber Espionage Campaign|Zoom Fixes CVE-2026-53412, a Critical Account Takeover Bug|US and allied Governments’ Recommendations: Securing Network Devices Against Russian APT Groups|Chaotic Eclipse Unveils LegacyHive Exploit Affecting Fully Patched Windows Systems|AsyncAPI npm Supply Chain Attack: Malware Injected Into Packages With 2 Million Weekly Downloads|U.S. CISA adds SonicWall and Microsoft flaws to its Known Exploited Vulnerabilities catalog|Ernst & Young (EY) Investigates Data Breach Involving Third-Party Support Tickets|A cyberattack hit Nichirei, one of Japan’s largest food companies|New Russian Campaign Uses Fake Webex and Zoom Installers to Deploy Starland RAT|U.S. CISA adds KNX Association KNX Protocol Connection Authorization Option 1 and Oracle flaws to its Known Exploited Vulnerabilities catalog|Two Scattered Spider Members Sentenced to Prison Over £29 Million TfL Cyberattack|TuxBot v3: The IoT Botnet Built With AI – Bugs, Disclaimers and All|Claude Code and DeepSeek Powered Chinese Cyber Espionage Campaign|Zoom Fixes CVE-2026-53412, a Critical Account Takeover Bug|US and allied Governments’ Recommendations: Securing Network Devices Against Russian APT Groups|Chaotic Eclipse Unveils LegacyHive Exploit Affecting Fully Patched Windows Systems|AsyncAPI npm Supply Chain Attack: Malware Injected Into Packages With 2 Million Weekly Downloads|U.S. CISA adds SonicWall and Microsoft flaws to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Ernst & Young (EY) Investigates Data Breach Involving Third-Party Support Tickets

Ernst & Young (EY) disclosed a data breach after attackers compromised a third-party IT support system containing client documents and tax information. Ernst & Young (EY) is disclosed a data breach linked to a compromised third-party support ticket system used by its IT teams. The platform stored support requests that may have included documents containing […]

Ernst & Young (EY)

Ernst & Young (EY) disclosed a data breach after attackers compromised a third-party IT support system containing client documents and tax information.

Ernst & Young (EY) is disclosed a data breach linked to a compromised third-party support ticket system used by its IT teams. The platform stored support requests that may have included documents containing client tax information.

“EY uses a third-party information technology service management platform to help EY information technology personnel provide support to EY teams performing tax-related work for clients. Support tickets submitted through the platform may include documents containing client tax information. On April 23, 2026, EY identified anomalous activity within that platform.” reads the data breach notification. ” “EY’s Information Security team immediately initiated its incident response procedure to determine the nature and scope of the incident, contain it, and begin remediation and recovery efforts. EY has worked with an independent cybersecurity firm to investigate the incident and confirm that the unauthorized access has been stopped, and our systems are now secure. Based on EY’s investigation and available evidence, between March 28, 2026, and April 12, 2026, an unauthorized third party accessed the platform referenced above and downloaded documents pertaining to a number of EY clients.”

Ernst & Young is one of the world’s Big Four professional services firms, providing audit, tax, consulting, cybersecurity, and transaction advisory services. The company operates in more than 150 countries, with around 406,000 employees and global revenues of approximately $53.2 billion in fiscal year 2025. Its access to sensitive client data makes it a high-value target.

Ernst & Young revealed that it detected anomalous activity on its networks on April 23 and launched an investigation into the security breach with the help of external cybersecurity experts.

The company determined that an unauthorized third party had accessed the said platform between March 28 and April 12 and downloaded multiple documents.

The compromised information included certain personal and financial data contained in or used to prepare tax filings.

At this time, it is unclear how many customers were impacted by the incident.

EY announced it has secured its systems, removed unauthorized access, and notified federal authorities. The company pointed out that it has no evidence of misuse of the exposed files or targeted attacks against specific individuals.

“At this time, we are not aware of any misuse or further exposure of your personal information as a result of this incident. Further, we do not have any indication your personal information was specifically targeted.” continues the notification. “Nevertheless, we are providing information about steps you can take to further secure your personal information.”

To support affected clients, EY is offering 24 months of identity monitoring and restoration services through Experian.

At this time, no ransomware group has claimed responsibility for the attack.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, EY)