BusinessCybersecurityNewswireTechnologyWhat's Buzzing

Ernst & Young data breach exposed after support system hack

▼ Summary

– Ernst & Young is notifying customers of a data breach resulting from a compromised third-party support ticket system used by its IT staff.
– The breach involved unauthorized access to the third-party system, exposing customer data.
– The incident highlights risks associated with third-party vendor security in corporate IT operations.
– EY is taking steps to address the breach and notify affected customers.
– The company is working to enhance security measures to prevent future similar incidents.

Ernst & Young is currently alerting clients about a data breach that originated from a compromise of a third-party support ticket system used by its own IT staff. The incident, which exposed sensitive client information, underscores the growing risks associated with outsourcing critical support functions.

The breach came to light after unauthorized access was gained to the third-party support platform that manages internal IT requests. While the firm has not disclosed the exact number of affected customers, it has initiated a notification process to inform those whose data may have been involved. EY is also working with the compromised vendor to investigate the scope of the intrusion and implement additional security measures.

This event highlights a persistent vulnerability in corporate cybersecurity: the reliance on external vendors for IT support. Even when an organization maintains robust internal defenses, a breach at a third-party service provider can create a backdoor into sensitive systems. For EY, a global professional services giant handling highly confidential financial and legal data, the stakes are particularly high.

The firm has stated that it is taking the matter seriously and is reviewing its vendor management protocols. Affected clients are being offered credit monitoring and identity protection services as a precaution. As companies increasingly depend on outsourced IT support, this breach serves as a stark reminder that supply chain security must be a top priority in any comprehensive cybersecurity strategy.

(Source: BleepingComputer)

Topics

data breach 95% third-party risk 92% cybersecurity incident 90% customer notification 88% it support systems 85% vendor security 83% Data Privacy 80% enterprise security 78% incident response 76% Regulatory Compliance 74%