Ernst & Young vendor exposes sensitive client tax records, company says
Unauthorized activity in the system continued for weeks.

Image from Gettyimages
- EY disclosed a data breach after attackers accessed a third-party platform supporting client tax services.
- Attackers accessed the system from March 28 to April 12, 2026, and downloaded some client documents.
- Exposed tax documents may contain personal and financial information, increasing risks of fraud and phishing attacks.
- EY says it stopped the access, secured affected systems, and offered identity protection services to affected people.
Ernst & Young discloses data breach after attackers accessed clients’ tax documents.
Ernst & Young (EY), one of the world’s largest professional services firms, has disclosed a data breach after an unauthorized attacker compromised a third-party system used by the firm.
The accounting giant notified affected individuals through a filing with the California Department of Justice, revealing that attackers gained access to a third-party IT service management platform used to support EY employees working on client tax services.
EY said the incident involved documents that may have contained personal information and financial details related to clients’ tax filings, as support tickets submitted through the platform may include attached documents with sensitive information.
EY did not disclose how many individuals were affected or which third-party provider was breached.
EY is one of the world’s Big Four accounting and professional services networks, alongside Deloitte, PwC, and KPMG.
Headquartered in London, the company provides assurance, tax, consulting, and strategy services to organizations worldwide. EY employs more than 400,000 people across over 150 countries.
Unauthorized access detected in April
According to the notification letter, EY identified suspicious activity within the platform on April 23rd, 2026. The company’s security team launched an investigation immediately.
As a result of the investigation, EY determined that an unauthorized third party accessed the platform between March 28th and April 12th, 2026, and downloaded documents belonging to a number of EY clients.
The company said the unauthorized access has been stopped and that affected systems have been secured.
“EY has worked with an independent cybersecurity firm to investigate the incident and confirm that the unauthorized access has been stopped,” the company said in a notice.
Stay updated with our latest stories and follow us on social media
Be the first to discover new stories, ideas, and updates from our team.
Customers are at risk of fraud
Tax documents, if exposed, may put E&Y customers at risk of fraud and social engineering attacks. Attackers could exploit information to craft convincing phishing messages and spread malware or steal more valuable information.
“At this time, we are not aware of any misuse or further exposure of your personal information as a result of this incident. Further, we do not have any indication your personal information was specifically targeted,” E&Y said.
The company has offered affected individuals access to identity protection services through Experian IdentityWorks, including identity monitoring and restoration support.
EY was previously targeted
EY was previously caught up in the massive Cl0p data breach. The company was named as the victim of the MOVEIt hack.
EY said over 30,000 Bank of America customers were exposed, with threat actors accessing financial account information and credit card numbers.
It remains unclear who is responsible for the current incident, as the company has not disclosed whether ransomware was involved or identified the threat actor responsible.