Ernst & Young is notifying customers of a data breach stemming from a compromised third-party support ticket system used by its IT personnel. The breach exposed customer information stored within the platform.
Ernst & Young (EY), one of the Big Four accounting and consulting firms, disclosed the security incident after threat actors gained unauthorized access to a third-party support system. The platform, used internally by EY's IT staff to manage technical support tickets, contained customer data.
The breach notification indicates that attackers exploited vulnerabilities in the support system to access sensitive information. EY has begun contacting affected customers and is working with cybersecurity experts to investigate the scope and nature of the exposed data.
Third-party support systems have become frequent attack vectors for cybercriminals seeking to compromise large organizations. These platforms often maintain elevated access privileges and store sensitive client information, making them attractive targets. The incident highlights ongoing risks associated with managing security across vendor ecosystems.
EY has not disclosed the specific volume of records affected or detailed timelines for when the breach occurred and was discovered. The firm stated it is implementing additional security measures and recommending customers review their accounts for suspicious activity.
This breach adds to a growing list of major corporations experiencing data compromises through external service providers. Similar incidents at other large firms underscore the challenge of securing interconnected systems where multiple parties have access to sensitive data.
Customers affected by the breach are advised to monitor financial accounts and credit reports for fraudulent activity. EY is providing resources to assist impacted parties, though specific details remain limited as the investigation continues.
The incident reinforces the importance of organizations implementing strict access controls, regular security audits, and segmented networks to limit potential damage from vendor compromises.
Federal authorities arrested a 21-year-old Florida man suspected of stealing over $220,000 in cryptocurrency through malware-infected Steam games. The scheme infected approximately 8,000 devices and compromised 80 crypto wallets between May 2024 and February 2026.
Hackers are exploiting legitimate hotel reservations from over 350 properties worldwide to launch convincing spear-phishing campaigns. The targeted attacks use genuine booking details to bypass user skepticism.
US Homeland Security Investigations seized over 30,000 mobile SIM cards across the country in an operation targeting infrastructure used for widespread telephone fraud.
Your smart fridge, washing machine, and dishwasher are collecting data about your habits and usage patterns. Here's what you need to know about what they track and how to find out.