‘Moss Adams’ Discloses Customer Data Breach Exposing Names & Social Security Numbers

• Moss Adams has suffered a security incident that has compromised personally identifiable information of its customers.
• The number of affected individuals is unknown, but the data that was exposed includes names and social security numbers.
• A hacker gained access to an employee’s email account and could have accessed other types of PII information as well. 

One of the largest public accounting firms in the United States, Moss Adams, has disclosed a data breach that exposed highly sensitive customer PII. More specifically, the type of data that was accessed by an unidentified third party includes customer full names and social security numbers. According to the notice, no other details were compromised, and the company’s internal network was not accessed by the hacker. However, the firm has chosen not to inform the public about the exact number of compromised individuals, or they simply can’t determine this with certainty yet.

As the notice details, a hacker has managed to take over the email account of one of Moss Adams’ employees on October 10, 2019. The firm’s IT team discovered this after unusual activity associated with this account became apparent on the network. Moreover, the firm states that while the hacker could have accessed the PII of their customers, they cannot determine if that actually happened or not. Moss Adams took the proper security and service restoration steps, and are now initiating an identity theft insurance coverage program for the affected customers to enroll in and take benefit.

If you are a customer of Moss Adams, call 833-935-1381 and ask for clarifications regarding your personal data. In the meantime, review your credit card and bank account activity and make sure to report any unusual activity immediately to your card issuer and the law enforcement. If you enroll in the firm’s identity protection program, you will get free-of-charge services of this type too. Moss Adams promises to cover every eligible customer for the next twelve months, so any fraudulent activity during this period will ring their alarms immediately.

Additionally, you may put your account on a security freeze, which is a multi-level protection step. If you do that, no credit card carrying your name can be issued by a financial institution without the provision of a PIN that will be known only to you. For detailed instructions on how to roll in the protection program and how to notify the authorities in the case that something is off, check out the letter that was published on the California Attorney General’s dedicated data breach online portal.

Do you have anything to comment on the above? Feel free to do just that in the section down below, or on our socials, on Facebook and Twitter.