Kerber Eck & Braeckel LLP (KEB) announced a data breach that affected sensitive personal and health information. On February 7, 2023, KEB identified suspicious activity on its network systems and immediately began an investigation into the incident. The investigation revealed that between January 27 and February 7, 2023, an unauthorized third party may have gained access to personal identifiable information (PII) and protected health information (PHI) stored in the company’s systems. This data includes names, Social Security numbers, financial account information, medical diagnoses, and health insurance details.
Upon confirming the breach, KEB took action by reviewing the compromised data and determining which individuals were impacted. The firm identified that the exposed information varied depending on the person but included a wide range of sensitive data, such as addresses, patient account numbers, treatment costs, and provider details. To mitigate further risks, KEB launched a thorough review of its systems and engaged cybersecurity experts to strengthen its defenses against future breaches.
On March 17, 2023, KEB began sending out breach notification letters to the individuals affected by the incident. Since then, the firm has continued to mail additional letters containing updated information as more details about the breach emerged. KEB has also offered affected individuals complimentary credit monitoring services, providing them with tools to protect themselves from potential identity theft or fraud arising from the breach.
Headquartered in Springfield, Illinois, KEB is a mid-sized certified public accounting firm with additional locations in Illinois, Missouri, and Wisconsin. Founded in 1931, the firm offers a wide range of services, including accounting, tax management, consulting, and wealth management. KEB’s clients span various industries, including healthcare, financial institutions, manufacturing, and government entities. The firm’s swift response to the data breach aims to protect its clients and minimize any harm caused by the unauthorized access to their sensitive information.
Reference: