Skip to content
  • Home
  • Latest Data Breaches
  • Contact Us
  • About Us
  • What You Need to Know
info@databreachrights.com
info@databreachrights.com
  • Home
  • Latest Data Breaches
  • Contact Us
  • About Us
  • What You Need to Know

Hallisey & D’Agostino Data Breach Exposes Social Security Numbers and Financial Information

/ Finance / By databreachrights
Finance data breach illustration
Breach Discovery: 21st October 2025Breach Notification: 17th April 2026

What Happened in the Hallisey & D’Agostino Data Breach?

Hallisey & D’Agostino, LLP, a full-service accounting firm based in Wethersfield, Connecticut, has confirmed a data breach affecting thousands of clients and consumers. The firm discovered unusual activity on its computer network on October 21, 2025. This discovery prompted an immediate internal review to determine the scope of the problem.

As a result of the discovery, the firm quickly took steps to secure its network. It also brought in external cybersecurity experts to investigate the incident thoroughly. The investigation later determined that an unknown actor had unauthorized access to the firm’s systems for roughly 24 days, between September 28, 2025, and October 22, 2025.

During that window, the intruder potentially acquired certain files from the firm’s network. Because the Hallisey & D’Agostino data breach involved sustained access over several weeks, the forensic review took time to complete. The firm did not begin notifying affected individuals in writing until April 17, 2026, several months after the intrusion occurred.

In addition to notifying consumers, the firm reported the breach to attorneys general offices in Maine, Massachusetts, and New Hampshire. These filings offer additional detail on how the incident unfolded and who was affected. Investigators continue to review exactly what information was accessed during the breach period.

Who was affected?

The breach affected 16,683 individuals across the United States. Of those, 981 people live in New Hampshire, 737 live in Massachusetts, and 74 live in Maine. Because Hallisey & D’Agostino is an accounting firm, the affected individuals likely include current and former clients whose financial records the firm maintained.

The remaining affected individuals are spread across other states, though the exact state-by-state breakdown beyond these three has not been publicly disclosed. As a result, anyone who has used the firm’s accounting or tax services in recent years should consider themselves potentially at risk. Clients who shared sensitive financial or identifying documents with the firm face the greatest exposure.

What Information Was Potentially Exposed?

The investigation identified several categories of sensitive personal information that the intruder could have accessed during the breach period. This data was stored on the firm’s network as part of its normal accounting and client-service operations.

  • Full names
  • Social Security numbers
  • Driver’s license numbers
  • Financial account numbers, including credit and debit card numbers
  • Account access information

Because this breach exposed Social Security numbers alongside financial account details, affected individuals face a heightened risk of identity theft. Criminals can use this combination of data to open new credit accounts, file fraudulent tax returns, or apply for loans in someone else’s name. This is especially concerning given the firm’s role in preparing tax documents.

In addition, the exposure of driver’s license numbers increases the risk of identity fraud beyond financial accounts. For example, a stolen license number can help a criminal create fake identification or pass identity checks. Because access credentials were also compromised, affected individuals should watch closely for unauthorized account logins in addition to new-account fraud.

What is the company doing?

After discovering the intrusion, Hallisey & D’Agostino acted quickly to contain the threat and secure its network. The firm then partnered with outside cybersecurity specialists to investigate the full scope of the breach. This response allowed the firm to determine which files were accessed and which individuals needed notification.

As part of its ongoing response, the firm is offering complimentary identity theft protection through IDX, a data breach recovery services provider. These services include credit monitoring, CyberScan monitoring, a $1,000,000 insurance reimbursement policy, and fully managed identity theft recovery support. Affected individuals received a unique enrollment code in their notification letter, which is required to sign up.

The firm has also set up a dedicated toll-free call center to answer questions about the incident. Representatives are available Monday through Friday, from 9 a.m. to 9 p.m. Eastern Time, excluding major U.S. holidays. Because the enrollment deadline for the free protection services is July 17, 2026, affected individuals should act promptly to take advantage of this offer.

What Should Affected Individuals Do?

Enroll in the Free Identity Protection Services

Anyone who received a notification letter should enroll in the complimentary IDX identity protection services before the July 17, 2026 deadline. This service includes credit monitoring, CyberScan monitoring, and a substantial insurance reimbursement policy at no cost.

To enroll, individuals need the unique code included in their letter. Because enrollment requires this code, affected individuals should keep their notification letter in a safe place until they complete the sign-up process. This monitoring can help catch suspicious activity early.

Place a Fraud Alert or Credit Freeze

Given that Social Security numbers and financial account numbers were exposed, affected individuals should strongly consider placing a fraud alert or credit freeze with the three major credit bureaus. A credit freeze restricts access to your credit file, which makes it harder for criminals to open new accounts in your name.

A fraud alert, on the other hand, requires creditors to verify your identity before extending new credit. Both options are free and can be requested directly through Equifax, Experian, and TransUnion. Because these protections work differently, some individuals choose to use both for added security.

Monitor Financial Accounts and Credit Reports Closely

Affected individuals should review their bank and credit card statements regularly for unfamiliar charges. In addition, requesting a free credit report from each of the three major bureaus can help reveal accounts opened without your knowledge.

Because financial account numbers were compromised, it’s also wise to contact your bank directly to discuss whether replacing affected cards makes sense. This is a proactive step that can prevent unauthorized transactions before they happen. Consumers should continue monitoring for at least a year following the breach.

Watch for Phishing Attempts and Suspicious Contact

Following a breach like this, scammers often use stolen information to craft convincing phishing emails, texts, or phone calls. As a result, affected individuals should be cautious of any unexpected messages asking for personal or financial details.

Legitimate organizations rarely ask for sensitive information through unsolicited messages. Therefore, individuals should verify the identity of any caller or sender before providing information. If something feels off, it’s best to contact the organization directly using a verified phone number.

Consider Consulting a Data Breach Attorney

Because this breach involved highly sensitive data like Social Security numbers and driver’s license numbers, some affected individuals may want to understand their legal options. A data breach attorney can review the specifics of your situation and explain whether you may be eligible for compensation.

Many attorneys offer free case evaluations, so there’s little downside to asking questions. This step can be especially useful for individuals who experience direct financial harm connected to the breach.



More Information

Official Notice from Hdllpcpa

Official Notice from Maine

Official Notice from Mass

Official Data Breach Notification Letter (PDF)

Official Notice from Idx

Related Data Breaches

  • Money Mart Data Breach Exposes Social Security Numbers and Personal Information
  • Mark Leyden & Associates Data Breach Exposes Social Security Numbers and Financial Information
  • Brown Advisory Data Breach Exposes Social Security Numbers and Financial Information
← Previous Post
Next Post →

DataBreachRights

5547 Edmonson Pike Suite 67

Nashville, TN 37211

Phone : 615-968-2858

Email : info@databreachrights.com

 

  • Home
  • Latest Data Breaches
  • Contact Us
  • Terms of Service
  • Legal Disclaimer
  • Privacy Policy