Ernst & Young Suffers Data Breach

Ernst & Young LLP (EY), a prominent United States firm providing consulting, advisory, and tax services, has issued a notification regarding a recent data security breach involving personal data. EY’s services are utilized by Bank of America, involving the handling of sensitive information.

The breach came to light on May 31, 2023, when EY was alerted by their third-party supplier, Progress Software Corporation, about a security vulnerability in their MOVEit Transfer solution. MOVEit Transfer is a commonly used file transfer tool adopted by various organizations, including EY. In response, EY launched an immediate investigation and implemented measures to secure their systems. Working alongside third-party security experts, EY is actively assessing the extent of the issue and formulating an appropriate response. Bank of America has confirmed that their systems remained unaffected by the incident.

The compromised files within the third-party software contained sensitive personal data, including first names or initials, last names, addresses, financial account information, credit and debit card numbers, social security numbers, and other government-issued identification numbers.

EY is taking proactive measures to safeguard the affected individuals from potential identity theft, phishing attacks, and misuse of their personal information. As an additional security measure, Bank of America will provide a complimentary two-year membership to Experian IdentityWorksSM, an identity theft protection service. This service includes features such as daily credit report monitoring from major credit reporting agencies, internet surveillance, and assistance in resolving identity theft cases. It’s important to note that the service will not automatically renew after the complimentary period ends, and any renewal will need to be managed directly through Experian IdentityWorksSM.

EY’s swift response to this incident highlights their commitment to addressing data security concerns promptly and ensuring the protection of personal information. As investigations continue, those affected are urged to remain vigilant against potential risks and take necessary precautions to protect their personal data. It is advisable to stay informed through official channels and resources for the latest updates regarding this situation.