Ernst & Young (EY), one of the world’s four largest professional services firms, has begun notifying clients of a data breach stemming from the compromise of a third-party support ticket system used by its IT personnel. The company says support tickets submitted through the platform sometimes included documents containing client tax information.

EY employs 406,000 people worldwide and reported $53.2 billion in global revenue last year, offering auditing, tax, consulting, and transaction advisory services across more than 150 countries.

Timeline of the Incident

According to the breach notification sent to affected clients, EY detected anomalous network activity on April 23 and launched an investigation with help from external cybersecurity experts. That investigation determined an unauthorized third party had accessed the support ticket platform between March 28 and April 12, downloading multiple documents during that window.

The exposed information reportedly included certain personal and financial data contained in, or used to prepare, tax filings. Because the notification sample includes a placeholder for specific data categories, the exact types of information compromised remain unclear. EY has also not disclosed how many clients were affected or whether the incident is limited to its U.S. customer base or extends to other countries where it operates.

Response and Mitigation

EY states it has secured its systems, removed the unauthorized access, and notified federal law enforcement. The company says it has no evidence of misuse or further exposure of the stolen files, and no indication that specific individuals were deliberately targeted by the attackers.

To help affected clients manage risk, EY is offering 24 months of identity monitoring and restoration services through Experian, urging recipients of the notification letter to enroll by October 31, 2026.

As of publication, no data extortion or ransomware group has claimed responsibility for the attack. BleepingComputer has reached out to EY for further comment but had not received a response at the time of reporting.

Why It Matters

Third-party support and ticketing systems remain a recurring weak point in enterprise security, particularly when internal IT staff use them to attach sensitive client documents for troubleshooting purposes. For a firm like EY, which routinely handles tax and financial records for major global organizations, even a limited-scope compromise can carry outsized downstream risk for its clients.