Ernst & Young reports data breach via third-party support hack

A major professional services firm has confirmed a data breach after attackers breached a third-party support ticket system used by its IT staff. Ernst & Young (EY) is now notifying affected customers whose data may have been accessed during the incident.
Behind the breach: third-party risk in focus
The compromise originated in a support system operated by an external vendor that EY’s IT personnel relied on for troubleshooting and system maintenance. Attackers exploited weaknesses in the third-party platform to gain access to internal communications and, potentially, customer data linked to those tickets. While EY has not detailed the exact scope of the exposed information, the firm stated that customer data could have been accessed if it was included in support requests handled via the compromised system.
EY’s disclosure underscores a recurring challenge for large enterprises: the security of their supply chain and third-party tools. Even when core systems remain secure, a single weak link in the service provider network can open a backdoor into sensitive operations.
Next steps for customers
The firm is in the process of notifying impacted individuals and organizations, providing guidance on monitoring accounts and enabling additional security measures where appropriate. EY has also begun an internal review of its third-party security protocols and is working with the affected vendor to address vulnerabilities.
Why it matters
This incident highlights how third-party risk can ripple far beyond the initial breach point. For enterprises like EY, the lesson is clear: robust vetting and continuous monitoring of external partners are no longer optional. For customers, the breach serves as a reminder to scrutinize how their data is handled across an organization’s entire network of suppliers and services. In an era where supply chain attacks are rising, proactive due diligence is the best defense against silent exposure.
Source: BleepingComputer. AI-assisted editorial synthesis — TechnoExpress.

