compliance · BleepingComputer
Ernst & Young disclosed a data breach affecting its support ticket system used by IT personnel. According to the company, an unauthorized third party accessed the platform between March 28 and April 12, downloading multiple documents containing personal and financial data related to client tax filings. EY detected anomalous activity on April 23 and engaged external cybersecurity experts to investigate. The company has not disclosed the exact number of affected customers, specific data types exposed, or geographic scope of the incident. EY has notified law enforcement, secured its systems, and is offering 24 months of identity monitoring through Experian to affected clients.
This incident carries material implications for Omniware's clients in regulated sectors. Defense contractors and professional services firms handling sensitive client information should examine their third-party vendor risk management and access controls—particularly for support platforms that may process classified or controlled unclassified information. SaaS companies and healthcare providers subject to SOC 2 and HIPAA should review whether their IT support tooling creates similar exposure vectors and ensure logging and monitoring detect lateral movement into systems holding regulated data. An Omniware engagement can scope vendor risk assessment, access control segmentation, and detective controls relevant to your compliance posture.
Source: BleepingComputer - https://www.bleepingcomputer.com/news/security/ernst-and-young-discloses-data-breach-after-support-system-hack/
Source: BleepingComputer
All briefings