:

ERNST & YOUNG CONFIRMS DATA BREACH VIA HACKED SUPPORT SYSTEM

SECURITY DESK2 MIN READ
FRI, JUL 17, 2026

■ AI-SUMMARIZED FROM 1 SOURCE ▸ TIMELINE

Ernst & Young is notifying customers of a data breach stemming from a compromised third-party support ticket system used by its IT personnel. The breach exposed customer information stored within the platform.

Ernst & Young (EY), one of the Big Four accounting and consulting firms, disclosed the security incident after threat actors gained unauthorized access to a third-party support system. The platform, used internally by EY's IT staff to manage technical support tickets, contained customer data. The breach notification indicates that attackers exploited vulnerabilities in the support system to access sensitive information. EY has begun contacting affected customers and is working with cybersecurity experts to investigate the scope and nature of the exposed data. Third-party support systems have become frequent attack vectors for cybercriminals seeking to compromise large organizations. These platforms often maintain elevated access privileges and store sensitive client information, making them attractive targets. The incident highlights ongoing risks associated with managing security across vendor ecosystems. EY has not disclosed the specific volume of records affected or detailed timelines for when the breach occurred and was discovered. The firm stated it is implementing additional security measures and recommending customers review their accounts for suspicious activity. This breach adds to a growing list of major corporations experiencing data compromises through external service providers. Similar incidents at other large firms underscore the challenge of securing interconnected systems where multiple parties have access to sensitive data. Customers affected by the breach are advised to monitor financial accounts and credit reports for fraudulent activity. EY is providing resources to assist impacted parties, though specific details remain limited as the investigation continues. The incident reinforces the importance of organizations implementing strict access controls, regular security audits, and segmented networks to limit potential damage from vendor compromises.

■ SOURCES

Bleeping Computer

■ SUMMARY WRITTEN BY AI FROM THE LINKS ABOVE

■ MORE FROM THE SECURITY DESK

Federal authorities arrested a 21-year-old Florida man suspected of stealing over $220,000 in cryptocurrency through malware-infected Steam games. The scheme infected approximately 8,000 devices and compromised 80 crypto wallets between May 2024 and February 2026.

1H AGOSecurity Desk

Hackers are exploiting legitimate hotel reservations from over 350 properties worldwide to launch convincing spear-phishing campaigns. The targeted attacks use genuine booking details to bypass user skepticism.

1H AGOSecurity Desk

US Homeland Security Investigations seized over 30,000 mobile SIM cards across the country in an operation targeting infrastructure used for widespread telephone fraud.

2H AGOIndustry Desk

Your smart fridge, washing machine, and dishwasher are collecting data about your habits and usage patterns. Here's what you need to know about what they track and how to find out.

2H AGOIndustry Desk

■ SUBSCRIBE TO THE DAILY BRIEF

ONE EMAIL, 5 STORIES, 06:00 UTC. UNSUBSCRIBE ANYTIME.