On September 25, 2024, Feldstein & Stewart, LLP (F&S), an accounting firm based in New City, New York, filed a notice of data breach with the Attorney General of Maine. The breach occurred after the company experienced a network disruption that allowed unauthorized access to portions of its computer system. Sensitive consumer information, including names, Social Security numbers, driver’s license numbers, and state identification numbers, was compromised. In response to the incident, F&S immediately secured its network and initiated an investigation with the help of third-party cybersecurity experts.
The breach was first identified on March 25, 2024, when F&S learned of the security incident and took prompt action to investigate. During the investigation, the company discovered that an unauthorized party had accessed confidential files within its network, which contained personal information belonging to certain individuals. Following this revelation, F&S conducted a thorough review of the compromised files to determine the extent of the breach and identify the affected individuals. This process was completed on September 16, 2024.
Upon completion of its review, Feldstein & Stewart began sending data breach notification letters to the affected individuals on September 25, 2024. The letters outlined the specific personal information that was compromised and provided guidance on steps individuals could take to protect themselves from potential misuse of their data. The company also offered affected individuals a list of the specific types of sensitive information exposed during the breach, although the full details were not disclosed publicly.
Feldstein & Stewart is a small accounting firm that provides various services such as tax planning, auditing, bookkeeping, and business consulting. The firm employs more than 25 people and generates around $5 million in annual revenue. While F&S has taken steps to secure its systems and notify those impacted, it continues to work with cybersecurity experts to enhance its data security measures and prevent future incidents.
Reference:
