Ernst & Young (EY) disclosed a data breach after attackers compromised a third-party IT support system containing client documents and tax information.Ernst & Young (EY) is disclosed a data breach linked to a compromised third-party support ticket system used by its IT teams. The platform stored support requests that may have included documents containing client tax information. “EY uses a third-party information technology service management platform to help EY information technology personnel provide support to EY teams performing tax-related work for clients. Support tickets submitted through the platform may include documents containing client tax information. On April 23, 2026, EY identified anomalous activity within that platform.” reads the data breach notification. ” “EY’s Information Security team immediately initiated its incident response procedure to determine the nature and scope of the incident, contain it, and begin remediation and recovery efforts. EY has worked with an independent cybersecurity firm to investigate the incident and confirm that the unauthorized access has been stopped, and our systems are now secure. Based on EY’s investigation and available evidence, between March 28, 2026, and April 12, 2026, an unauthorized third party accessed the platform referenced above and downloaded documents pertaining to a number of EY clients.”Ernst & Young is one of the world’s Big Four professional services firms, providing audit, tax, consulting, cybersecurity, and transaction advisory services. The company operates in more than 150 countries, with around 406,000 employees and global revenues of approximately $53.2 billion in fiscal year 2025. Its access to sensitive client data makes it a high-value target.Ernst & Young revealed that it detected anomalous activity on its networks on April 23 and launched an investigation into the security breach with the help of external cybersecurity experts.The company determined that an unauthorized third party had accessed the said platform between March 28 and April 12 and downloaded multiple documents.The compromised information included certain personal and financial data contained in or used to prepare tax filings. At this time, it is unclear how many customers were impacted by the incident.EY announced it has secured its systems, removed unauthorized access, and notified federal authorities. The company pointed out that it has no evidence of misuse of the exposed files or targeted attacks against specific individuals. “At this time, we are not aware of any misuse or further exposure of your personal information as a result of this incident. Further, we do not have any indication your personal information was specifically targeted.” continues the notification. “Nevertheless, we are providing information about steps you can take to further secure your personal information.”To support affected clients, EY is offering 24 months of identity monitoring and restoration services through Experian. At this time, no ransomware group has claimed responsibility for the attack.Follow me on Twitter: @securityaffairs and Facebook and MastodonPierluigi Paganini(SecurityAffairs – hacking, EY)