🔐
Security 📅 2026-07-17 · 03:38 PM IST ⏱ 2 min read

Major Accounting Firm EY Confirms Customer Data Exposed in Technical Support System Attack

Ernst & Young reveals hackers accessed client information through compromised support portal, affecting enterprise customers worldwide.

A Major Professional Services Firm Falls Victim to Cyber Attack

Ernst & Young, one of the world's largest accounting and consulting companies, has announced that criminals gained unauthorized access to sensitive customer information through a breach of its technical support system. The incident represents a significant security failure at an organization trusted by thousands of businesses to handle their most confidential financial and operational data.

The breach occurred when attackers successfully compromised the company's support infrastructure—essentially the digital "help desk" that clients use when they need technical assistance. Rather than attacking EY's main business systems directly, cybercriminals found a weaker entry point through this support channel and leveraged it to steal customer information. This is similar to breaking into a building through an unlocked side door rather than attempting to force the front entrance.

What This Means

This incident highlights a persistent vulnerability in corporate security: support systems are often built for convenience and ease of access, which can make them less secure than primary business networks. Companies frequently prioritize quick customer service over fortress-like defenses, creating gaps that determined attackers can exploit.

For EY specifically, this breach damages its reputation as a trustworthy steward of sensitive business information. The firm advises companies on security matters and handles confidential financial records, making this breach particularly embarrassing and concerning for its stakeholders.

The attack demonstrates that even large, sophisticated organizations with significant resources remain vulnerable to determined adversaries who are willing to look for alternative entry points.

Why You Should Care

What You Can Do

For EY clients: Contact the company directly to understand exactly what information was compromised in your account. Review your recent invoices, financial statements, and account activity for any suspicious changes. Consider placing fraud alerts on relevant accounts if personal information was exposed.

For security professionals: Conduct an audit of your own support systems and technical assistance portals. Ensure they have multi-factor authentication, strong access controls, and regular security testing. Support systems should not be afterthoughts in your security strategy.

For everyone: Use this as a prompt to review what information you've shared with various service providers and whether you truly trust them with that data.

When even major corporations struggle to protect customer data, remaining vigilant about your own digital security becomes increasingly important.

📎 This is original ITVedas reporting. This story was inspired by coverage from bleepingcomputer.com. Visit the source for their original reporting.

Want to understand the technology behind this story? ITVedas has beginner-friendly guides on every IT topic.

Explore IT Chapters →