Louisiana accounting firm says data breach impacted more than 125,000 customers

Lafayette, Louisiana-based public accounting firm Wright, Moore, DeHart, Dupuis & Hutchinson said it experienced a data security incident that compromised the sensitive personal information of more than 125,000 individuals.

 

In a filing with the Office of Maine Attorney General, the accounting firm said that on July 11, it identified suspicious activity in its internal network and immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the business.

 

“As a result of the investigation, we identified that certain WMDDH data may have been acquired without authorisation. WMDDH then engaged an independent team to conduct a comprehensive review of all potentially affected data, and on May 8, 2024, that review determined that your personal information may have been affected,” the firm said in a letter sent to affected customers.

 

The compromised data included names, Social Security numbers, driver’s licence numbers, financial account numbers, passport numbers, and medical/treatment information. The firm’s filing with the Maine state regulator also revealed that at least 127,431 individuals were impacted by the data security incident.

 

WMDDH added that immediately after identifying the incident, it took steps to secure the affected network and implemented additional security features to reduce the risk of a similar incident occurring in the future.

 

While the accounting firm found no evidence of the compromised information being misused, it advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and state attorney general.

 

It has also offered one year of complimentary identity protection and credit monitoring services through Experian IdentityWorks to all affected individuals.

 

On July 12, ALPHV/BlackCat ransomware group claimed responsibility for a cyber attack on the accounting firm and listed it as a victim on its data leak site. The group claimed to be in possession of 766 GB of data that included sensitive personal data of employees, client’s personal data, confidential company information and more.