EY Data Breach: What & How It Happened?
Twingate Team
•
Jun 20, 2024
In a data breach that came to light in late June, Ernst & Young (EY) experienced unauthorized access to their systems, exposing the personal data of numerous Bank of America customers. The Cl0p ransomware gang claimed responsibility for the breach, which was a result of the MOVEit Transfer attacks.
How many accounts were compromised?
The breach impacted data related to 30,210 individuals.
What data was leaked?
The data exposed in the breach included first and last names, addresses, financial account information, debit or credit card numbers, Social Security numbers, and government-issued ID numbers.
How was EY hacked?
The Cl0p ransomware gang infiltrated EY's servers by exploiting a SQL database injection flaw in the MOVEit Transfer file system during the MOVEit Transfer attacks. This breach exposed the personal data of over 30,000 Bank of America customers.
EY's solution
In response to the hacking incident, EY took several measures to secure its platform and prevent future incidents. While specific details on the removal of malware and backdoors remain unclear, EY's US branch began contacting individuals impacted by the data breach, specifically reaching out to Bank of America clients whose data it was handling. EY also urged potential victims to be vigilant and cautiously review account statements and credit reports for suspicious activity. Although the exact enhanced security protocols are not mentioned, EY's Privacy and Cyber Response services help organizations develop data governance frameworks and achieve data protection and privacy compliance, which may have been utilized in response to the breach.
How do I know if I was affected?
EY has contacted individuals believed to be affected by the breach. If you're a Bank of America customer whose data was handled by EY and haven't received a notification, you may visit HaveIBeenPwned to check your credentials.
What should affected users do?
In general, affected users should:
Change Your Passwords: Immediately update your passwords for all accounts that may have been compromised. Make sure the new passwords are strong and unique, not previously used on any other platform.
Reset Passwords for Other Accounts: If you've used the same or similar passwords for other online accounts, reset those as well. This is crucial as attackers often try using stolen passwords on multiple sites.
Enable Two-Factor Authentication (2FA): Activate 2FA on your accounts, if available. Consider enabling this additional security feature on all other important online accounts to significantly reduce the risk of unauthorized access.
Monitor Your Accounts: Keep a close eye on your financial accounts and credit reports for any suspicious activity or unauthorized transactions.
For more specific help and instructions related to EY's data breach, please contact EY's support directly.
Where can I go to learn more?
If you want to find more information on the EY data breach, check out the following news articles:
Rapidly implement a modern Zero Trust network that is more secure and maintainable than VPNs.
EY Data Breach: What & How It Happened?
Twingate Team
•
Jun 20, 2024
In a data breach that came to light in late June, Ernst & Young (EY) experienced unauthorized access to their systems, exposing the personal data of numerous Bank of America customers. The Cl0p ransomware gang claimed responsibility for the breach, which was a result of the MOVEit Transfer attacks.
How many accounts were compromised?
The breach impacted data related to 30,210 individuals.
What data was leaked?
The data exposed in the breach included first and last names, addresses, financial account information, debit or credit card numbers, Social Security numbers, and government-issued ID numbers.
How was EY hacked?
The Cl0p ransomware gang infiltrated EY's servers by exploiting a SQL database injection flaw in the MOVEit Transfer file system during the MOVEit Transfer attacks. This breach exposed the personal data of over 30,000 Bank of America customers.
EY's solution
In response to the hacking incident, EY took several measures to secure its platform and prevent future incidents. While specific details on the removal of malware and backdoors remain unclear, EY's US branch began contacting individuals impacted by the data breach, specifically reaching out to Bank of America clients whose data it was handling. EY also urged potential victims to be vigilant and cautiously review account statements and credit reports for suspicious activity. Although the exact enhanced security protocols are not mentioned, EY's Privacy and Cyber Response services help organizations develop data governance frameworks and achieve data protection and privacy compliance, which may have been utilized in response to the breach.
How do I know if I was affected?
EY has contacted individuals believed to be affected by the breach. If you're a Bank of America customer whose data was handled by EY and haven't received a notification, you may visit HaveIBeenPwned to check your credentials.
What should affected users do?
In general, affected users should:
Change Your Passwords: Immediately update your passwords for all accounts that may have been compromised. Make sure the new passwords are strong and unique, not previously used on any other platform.
Reset Passwords for Other Accounts: If you've used the same or similar passwords for other online accounts, reset those as well. This is crucial as attackers often try using stolen passwords on multiple sites.
Enable Two-Factor Authentication (2FA): Activate 2FA on your accounts, if available. Consider enabling this additional security feature on all other important online accounts to significantly reduce the risk of unauthorized access.
Monitor Your Accounts: Keep a close eye on your financial accounts and credit reports for any suspicious activity or unauthorized transactions.
For more specific help and instructions related to EY's data breach, please contact EY's support directly.
Where can I go to learn more?
If you want to find more information on the EY data breach, check out the following news articles:
Rapidly implement a modern Zero Trust network that is more secure and maintainable than VPNs.
EY Data Breach: What & How It Happened?
Twingate Team
•
Jun 20, 2024
In a data breach that came to light in late June, Ernst & Young (EY) experienced unauthorized access to their systems, exposing the personal data of numerous Bank of America customers. The Cl0p ransomware gang claimed responsibility for the breach, which was a result of the MOVEit Transfer attacks.
How many accounts were compromised?
The breach impacted data related to 30,210 individuals.
What data was leaked?
The data exposed in the breach included first and last names, addresses, financial account information, debit or credit card numbers, Social Security numbers, and government-issued ID numbers.
How was EY hacked?
The Cl0p ransomware gang infiltrated EY's servers by exploiting a SQL database injection flaw in the MOVEit Transfer file system during the MOVEit Transfer attacks. This breach exposed the personal data of over 30,000 Bank of America customers.
EY's solution
In response to the hacking incident, EY took several measures to secure its platform and prevent future incidents. While specific details on the removal of malware and backdoors remain unclear, EY's US branch began contacting individuals impacted by the data breach, specifically reaching out to Bank of America clients whose data it was handling. EY also urged potential victims to be vigilant and cautiously review account statements and credit reports for suspicious activity. Although the exact enhanced security protocols are not mentioned, EY's Privacy and Cyber Response services help organizations develop data governance frameworks and achieve data protection and privacy compliance, which may have been utilized in response to the breach.
How do I know if I was affected?
EY has contacted individuals believed to be affected by the breach. If you're a Bank of America customer whose data was handled by EY and haven't received a notification, you may visit HaveIBeenPwned to check your credentials.
What should affected users do?
In general, affected users should:
Change Your Passwords: Immediately update your passwords for all accounts that may have been compromised. Make sure the new passwords are strong and unique, not previously used on any other platform.
Reset Passwords for Other Accounts: If you've used the same or similar passwords for other online accounts, reset those as well. This is crucial as attackers often try using stolen passwords on multiple sites.
Enable Two-Factor Authentication (2FA): Activate 2FA on your accounts, if available. Consider enabling this additional security feature on all other important online accounts to significantly reduce the risk of unauthorized access.
Monitor Your Accounts: Keep a close eye on your financial accounts and credit reports for any suspicious activity or unauthorized transactions.
For more specific help and instructions related to EY's data breach, please contact EY's support directly.
Where can I go to learn more?
If you want to find more information on the EY data breach, check out the following news articles:
Solutions
Solutions
The VPN replacement your workforce will love.
Solutions