Please ensure Javascript is enabled for purposes of website accessibility
January 28, 2023

Moss Adams Got Hacked, Y’all

Hope everyone is having a good start to 2020. We’re s-l-o-w-l-y easing our way back to normalcy at GC HQ and catching up on things we missed during the past week. Like Moss Adams disclosing a data breach, in which names and Social Security numbers of clients were exposed.

How many clients were affected? We don’t know yet. When did it happen? According to a letter to clients that was posted on the California attorney general’s website, Moss Adams said the breach occurred on Oct. 10, 2019:

On October 10, 2019, we detected unusual activity associated with a single Moss Adams employee’s email account. We immediately took steps to secure the account and launched an investigation. Our investigation subsequently determined that the impacted Moss Adams email account was accessed by an unauthorized third party and this account contained some of your personal information, although we do not know if your personal information in the email account was actually accessed by the third party. Please note that this unauthorized access was limited to information transmitted via email and did not affect any other information systems.

Could this breach have been prevented? Most likely. If Moss Adams didn’t use multifactor authentication or two-factor authentication security protocols, much like Deloitte when its global email server was hacked in 2017, that would be pretty embarrassing.

Per usual when companies of Moss Adams’ size get hacked, it has offered to pay for identity theft protection and credit monitoring service for those affected:

[O]ut of an abundance of caution, we are offering you a one-year membership to TransUnion Interactive’s myTrueIdentity credit monitoring and identity restoration service at no cost to you. This product provides you with premier credit monitoring and identity theft resolution, including up to $1 million of identity theft insurance coverage. To receive these services, you must be over the age of 18, have established credit in the U.S., have a Social Security number in your name, and have a U.S. residential address associated with your credit file.

You can follow the recommendations included with this letter to help protect your information. Specifically, we recommend that you review your credit report for unusual activity. If you see anything that you do not understand or that looks suspicious, you should contact the consumer reporting agencies for assistance using the contact information included with this letter. In addition, you can enroll in the free credit monitoring services that we are offering to you through TransUnion Interactive. Enrollment instructions are included with this letter.

We’ll continue to monitor this situation. In the meantime, if anyone at MA has any additional info about the breach, hit us up by email or text/call us on our tips hotline (see below).

Latest Accounting Jobs--Apply Now:

Have something to add to this story? Give us a shout by email, Twitter, or text/call the tipline at 202-505-8885. As always, all tips are anonymous.

Related articles

Promotion Watch ’23: It’s New Partner Season at CohnReznick

Feb. 1 will be a big day at the 15th richest public accounting firm in the U.S. as 19 people will be admitted into the partnership at CohnReznick. “As CohnReznick continues to expand its capabilities and market presence, recognizing the talents and achievements of outstanding professionals is critical to our growth strategy,” said CohnReznick CEO […]

kids pretending to work in an office

RSM Does Not Aspire to Be KPMG

RSM International CEO Jean Stephens spoke to Financial Times recently and let everyone know that her firm is totally open to a little wheeling and dealing that would bump them up from their current spot as the sixth largest firm (#5 on the IPA 500). Coincidentally, RSM just released their revenue numbers and they are […]