What Happened in the Ernst & Young Data Breach?
Ernst & Young, widely known as EY, has confirmed a data breach tied to a hacked support ticket system. The Ernst & Young data breach affected a third-party platform used by the company’s IT personnel to manage support requests. As a result, hackers gained access to documents tied to client tax filings.
According to the breach notification, EY detected anomalous activity on its network in April 2026. The company quickly began an investigation to determine the scope of the intrusion. With the help of outside cybersecurity experts, EY later determined that unauthorized access to the support platform occurred between March 2026 and April 2026, during which the intruder downloaded multiple documents.
Because support tickets often included attachments, some of the stolen files contained personal and financial data used to prepare tax filings. EY has not disclosed exactly which data categories appeared in the stolen files. This is because the notification letter uses a placeholder for specific data types rather than listing them directly.
After discovering the intrusion, EY moved to secure its systems and remove the unauthorized access. The company also notified federal law enforcement authorities about the incident. So far, EY says it has found no evidence that the stolen files have been misused or leaked further.
Who was affected?
The breach appears to affect clients who submitted support tickets containing tax-related documents through the compromised platform. Because EY provides auditing, tax, and advisory services to major organizations, the affected individuals could include employees or customers of EY’s corporate clients rather than only direct EY customers.
EY has not publicly disclosed how many people were affected by this incident. The company also has not confirmed whether the breach impacts only its U.S. customer base or extends to clients in other countries. However, EY filed a notification with the California Attorney General’s office, which indicates that at least some affected individuals are U.S. residents.
Given EY’s massive global client roster, the population of potentially affected individuals could span many industries. As a result, the scope of this breach may become clearer as more state notifications or lawsuits surface in the coming months.
What Information Was Potentially Exposed?
The exact categories of exposed information have not been fully detailed in EY’s public notification. However, the company has confirmed that stolen documents included personal and financial data connected to tax preparation.
- Personal identifying information used in tax filings
- Financial information tied to tax preparation documents
- Support ticket attachments containing client records
Because tax documents often include Social Security numbers, income details, and banking information, affected individuals face a heightened risk of identity theft. Fraudsters could use this type of data to file fraudulent tax returns or open new credit accounts in someone else’s name.
In addition, financial data stolen from tax records can enable targeted phishing attempts. Scammers often pose as tax authorities or financial institutions to trick victims into revealing more sensitive information. Therefore, affected individuals should treat any unexpected tax-related communication with caution.
What is the company doing?
EY responded to the breach by securing its systems and removing the unauthorized access from its network. The company also engaged external cybersecurity experts to investigate the full scope of the intrusion. In addition, EY reported the incident to federal law enforcement authorities.
As an ongoing protective measure, EY is offering affected clients 24 months of identity monitoring and restoration services through Experian. The company is urging recipients of its notification letter to enroll by October 31, 2026. EY states it has no indication that any specific individuals were deliberately targeted by the attacker.
What Should Affected Individuals Do?
Monitor Your Credit Reports
Affected individuals should regularly check their credit reports for unfamiliar accounts or inquiries. Because tax-related documents often contain financial identifiers, monitoring your credit report can help you catch fraud early.
You can request free credit reports from each major credit bureau once a year. As a result, spreading these requests throughout the year lets you monitor your credit more consistently.
Consider a Fraud Alert or Credit Freeze
Because the stolen documents may have included financial and tax-related details, placing a fraud alert on your credit file is a smart precaution. A fraud alert requires lenders to verify your identity before opening new credit in your name.
For stronger protection, you can also request a credit freeze, which blocks most access to your credit file entirely. This step can prevent identity thieves from opening new accounts even if they have your personal information.
Watch for Tax-Related Fraud
Since the breach involved documents used in tax preparation, affected individuals should watch closely for signs of tax fraud. For example, receiving an IRS notice about a return you didn’t file could indicate someone used your stolen data.
If this happens, contact the IRS immediately and consider filing an Identity Theft Affidavit. In addition, alert your state tax agency, since fraudulent filings can also occur at the state level.
Enroll in the Identity Monitoring Service
EY is offering affected clients 24 months of identity monitoring and restoration service through Experian at no cost. Because this service can alert you to suspicious activity, enrolling before the October 31, 2026 deadline is a practical step.
This monitoring can help detect misuse of your personal information early. However, it should complement, not replace, your own regular credit and account monitoring.
Stay Alert for Phishing Attempts
Scammers often exploit data breaches by sending fake emails or calls that appear to come from trusted institutions. Therefore, be cautious of any message referencing this breach, tax filings, or requests for personal information.
Never click links or share sensitive details unless you can verify the sender’s identity. If you’re unsure whether a message is legitimate, contact the organization directly using a verified phone number or website.
More Information
Official Data Breach Notification Letter (PDF)
