Financial consulting and accounting firms are unique within the data ecosystem.  They are situated at the crossroads of identity, financial records, and in certain circumstances, health-related records that link to insurance and tax documentation.  Therefore, the concentration of personally identifiable and sensitive data has become increasingly appealing to cybercriminals.  As illustrated by the Mosley Glick O’Brien, Inc., Data Breach, ransomware attacks are morphing to target organizations that are responsible for managing large and diverse sets of data, all of which have the potential for abuse.

According to publicly available records, the incident was a ransomware attack involving unauthorized access to internal systems that was detected in February 2025.  After detection, the accounting firm engaged a third-party cybersecurity company to assist in securing their network and assessing the total extent of damage caused by the breach.  The event highlights a general trend that is affecting firms providing accounting and advisory services.

Unlike many other industries, accounting firms routinely maintain large and comprehensive client profiles.  Such profiles typically contain personal identifying information (e.g., Social Security number), financial account numbers, tax identification numbers, and payment card numbers.  Each of these items has the potential to become the victim of fraud, depending on the manner in which the information is secured; therefore, if a criminal were to obtain any one item, they could use it to commit fraudulent acts and be successful in victimizing other individuals.  In addition, many profiles contain information regarding previous interactions between the client and the company (i.e., application for credit or insurance claim), so the likelihood of an attacker successfully using the information obtained from an accounting firm, increases dramatically.

The primary purpose of ransomware attacks in the financial sector is not just disrupting business operations. Businesses can lose money from being locked out of their systems when ransomware crypto-locks their data, but the real value of the data itself can be used to commit identity fraud, unauthorized transactions or targeted phishing schemes that appear legitimate because of the accuracy of the data used in those schemes.

Another challenge faced by accounting firms is their workflow processes. Fast moving firms are constantly sending documents, files and data to be shared with clients, governments, and other third party platforms. As such, this high volume of data movement creates numerous potential entry points for cybercriminals, either through using email attachments with malware, shared document portals, or being given a way to access a firm's systems with compromised credentials.

In addition to the high volume of data flow, accounting firms experience seasonal volumes of work, particularly around tax-time. Seasonal periods will see heavily utilized systems, as well as, a large increase in communication. Due to the large volume of business being conducted during these times, detecting anomalies in how the systems are working and responding to potential threats may be more challenging.

Data Retention is a major concern, as organizations must retain data for an extended period of time, particularly when it comes to financial records. A lot of data accumulates over time (i.e., large amounts of historical data), that must be protected. Even when they are old, records still contain sensitive data (e.g., personally identifiable information).

I also see the timeline of cyber incidents that involve ransomware/other forms of attacks to reflect the complexity of responding to a data breach. It can take several months to determine what data was breached, who was impacted, and to process everything that needs to be reviewed prior to being able to send notices. This demonstrates that there is a lot of detail that is contained within financial records that need to be carefully examined and that notification issues require careful evaluation.

As cyber threats continue to evolve and become more sophisticated, there has been a significant number of accounting firms that are beginning to realize the seriousness of their need to strengthen their cybersecurity posture (e.g., stronger access controls, encrypting sensitive data, and training employees to recognize how they are being targeted such as through phishing attacks). 

The increased focus on accounting firms as targets is a reflection of a larger trend. Any organization that manages sensitive information including both financial and personal will need to conduct their business with heightened sensitivity to security. Protecting this information will be critical not only for compliance reasons, but also for maintaining confidence in professional services that have a reliance on confidentiality.