On August 9, 2023, Ernst & Young LLP (“EY”) filed a notice of data breach with the Attorney General of Massachusetts after discovering that a vulnerability in a third-party software called MOVEit resulted in an unauthorized party being able to access confidential consumer data. In this notice, EY explains that the incident resulted in an unauthorized party being able to access consumers’ sensitive information, which includes their names, addresses, financial account information, debit or credit card numbers, Social Security numbers, and other government-issued identification numbers. Upon completing its investigation, EY began sending out data breach notification letters to all individuals whose information was affected by the recent data security incident.

If you received a data breach notification from Ernst & Young LLP, it is essential you understand what is at risk and what you can do about it. A data breach lawyer can help you learn more about how to protect yourself from becoming a victim of fraud or identity theft as well as discuss your legal options following the Ernst & Young / MOVEit data breach. For more information, please see our recent piece on the topic here.

What Caused the Data Breach Affecting Ernst & Young?

The Ernst & Young data breach was only recently announced, and more information is expected in the near future. However, EY’s filing with the Attorney General of Massachusetts provides some important information on what led up to the breach. According to this source, EY provides consulting, advisory, and tax services to Bank of America. To perform these services, Bank of America must provide EY with certain personal data.

In the regular course of business, EY uses a file transfer software called MOVEit. MOVEit is created by Progress Software. On May 31, 2023, Progress Software informed EY that MOVEit suffered from a security vulnerability. In response, EY secured its systems and launched an investigation into the incident with the help of third-party data security specialists.

After learning that sensitive consumer data was accessible to an unauthorized party, Ernst & Young reviewed the compromised files to determine what information was leaked and which consumers were impacted. While the breached information varies depending on the individual, it may include your name, address, financial account information, debit or credit card numbers, Social Security number, and other government-issued identification numbers. Bank of America’s computer network was not affected by the incident.

On August 9, 2023, Ernst & Young sent out data breach letters to anyone who was affected by the recent data security incident. These letters should provide victims with a list of what information belonging to them was compromised.

More Information About Ernst & Young LLP

Ernst & Young LLP is a division of the accounting firm Ernst & Young Global Limited, which is headquartered in London, England, United Kingdom. EY is one of the Big Four accounting firms, offering primarily assurance, tax, consulting and advisory services to its clients across the world. Ernst & Young employs more than 297,000 people and generates approximately $45 billion in annual revenue.