Moss Adams reports data breach

Register now

Moss Adams, a Seattle-based Top 20 Firm, issued a notice of a data security incident that it detected in October exposing the names and Social Security numbers of some of its clients.

The data breach was reported to the California Attorney General’s office, which requires businesses and state agencies to notify any California resident if their unencrypted personal information has been exposed to an unauthorized person.

In a letter to affected clients, the firm wrote that it “recently learned that an unauthorized individual gained access to a Moss Adams employee email account containing your personal information. We are writing to notify you of this incident, to offer you complimentary credit monitoring and identity protection services, and to inform you about steps that can be taken to help protect your personal information.”

On Oct. 10, 2019, the firm said it detected unusual activity associated with a single Moss Adams employee’s email account. “We immediately took steps to secure the account and launched an investigation," said the firm. “Our investigation subsequently determined that the impacted Moss Adams email account was accessed by an unauthorized third party and this account contained some of your personal information, although we do not know if your personal information in the email account was actually accessed by the third party. Please note that this unauthorized access was limited to information transmitted via email and did not affect any other information systems.”

The firm said the information contained within the impacted email accounts included names and Social Security numbers. The letter does not state how many clients were affected. A representative for Moss Adams did not respond to a request for comment. The firm is offering affected clients 12 months of free credit monitoring by TransUnion.

(Pictured below: Moss Adams offices in Seattle)

For reprint and licensing requests for this article, click here.
Data breaches Cyber security Identity theft protection Data security Personally identifiable information