On January 17, 2025, Iannuzzi Manetta & Co, P.C. and its subsidiary Iannuzzi & Darling LLC filed a data breach notice with the Attorney General of Maine, following an unauthorized encryption of its network. The breach, which affected sensitive consumer information, was initially discovered on August 1, 2024, when Iannuzzi detected unauthorized encryption that shut down the firm’s operations. After promptly shutting down its network, Iannuzzi began investigating the breach with the help of outside cybersecurity experts, eventually confirming that certain data had been accessed by unauthorized parties.
The compromised information includes names, driver’s license numbers, Social Security numbers, health insurance details, medical record numbers, patient account numbers, and financial account information. Once the breach was identified, Iannuzzi worked to identify the individuals whose data had been compromised. The firm notified affected individuals through breach letters sent on January 17, 2025, providing them with information on what data had been accessed and advising on steps to protect their information.
The investigation revealed that the breach occurred as a result of hackers encrypting the firm’s network in early August 2024.
Iannuzzi was able to restore its systems by August 8, 2024, but the investigation continued through November 2024 before confirming the breach’s full extent. The firm’s IT team, alongside cybersecurity experts, examined compromised files to determine which consumer data had been accessed and which individuals had been impacted by the breach.
Iannuzzi Manetta & Co, based in Troy, Michigan, is a certified public accounting firm providing financial, accounting, and advisory services. Specializing in tax planning, business consulting, and auditing for individuals, businesses, and nonprofit organizations, the firm has about 25 employees and generates an estimated $5 million in annual revenue. This breach underscores the importance of robust cybersecurity measures, particularly for firms handling sensitive consumer data.
Reference: