Ernst & Young discloses data breach after support system hack

Summary

Ernst & Young has disclosed a data breach resulting from a hack of a third-party support ticket system used by its IT staff. The attackers gained access through the compromised system, potentially exposing customer information. EY is currently notifying affected individuals.

IFF Assessment

FOE

This event is bad news for defenders as it highlights a successful breach of a major consulting firm, indicating potential risks to sensitive client data.

Defender Context

This incident underscores the critical importance of supply chain security and third-party risk management. Defenders should be vigilant about the security practices of their vendors and partners, especially those handling sensitive data or systems. Monitoring for unusual activity in support systems and implementing robust access controls are key mitigation strategies.

Read Full Story →