Ernst & Young US Reports MOVEit Data Breach, Exposing Bank of America Clients

Ernst & Young LLP ("EY") reported a data breach incident traced back to a vulnerability present in the MOVEit third-party  which subsequently allowed an unauthorized party to gain access to sensitive consumer data.

EY is providing consulting, advisory, and tax services to corporate customers including Bank of America, which includes the sharing of specific personal data by the bank with EY.

As part of its operational practices, EY employs a file transfer software named MOVEit, developed by Progress Software. It was brought to EY's attention on May 31, 2023, that MOVEit was afflicted by a security vulnerability. In response, EY launched an investigation into the incident, enlisting the expertise of third-party data security specialists.

Importantly, it's worth noting that Bank of America's computer network remained unaffected by this incident.

EY discovered that as a result of this security lapse, confidential information belonging to consumers was compromised, encompassing details such as

• names,
• addresses,
• financial account particulars,
• debit or credit card numbers,
• Social Security numbers,
• other pertinent government-issued identification data.

No details are disclosed about the number of affected individuals in this breach.

Following the completion of their investigation into the matter, EY promptly commenced the distribution of data breach notification letters to all individuals whose personal information had been affected by the recent breach of security protocols.