Limited distribution: Ernst & Young (2TB)

Files from the Canadian firm EY Law released by the cl0p ransomware group

"Ernst & Young three flags" by Froztbyte is licensed under CC BY-SA 4.0.

Two terabytes of internal files from a Toronto branch of the multinational firm Ernst & Young (EY). Ernst & Young primarily provides accounting, tax, consulting and advisory services. The branch impacted by this hack appear to be EY Law in Toronto, Canada.

EY filed a breach notification with the office of the Maine attorney general and sent a notice to customers impacted saying:

We write on behalf of EY Law regarding a security incident involving a third-party service provider. On May 31, 2023, we were informed by our third-party supplier, Progress Software, of a security vulnerability involving the supplier’s MOVEit Transfer solution.

The ransomware group behind this hack, Cl0p, announced a list of clients of EY included in the breach, like Air Canada and TD Bank. Cl0p published the EY Law dataset on their dark net blog, and via torrents.

We have archived the files under our ransomware category in the archive.

Limited Distribution

Due to widespread presence of PII such as identification documents, the data is only being made available to journalists and researchers. Researchers and journalists can open a ticket in our request system to access data from the limited distribution collections.

Distributed Denial of Secrets is a 501c3 registered non-profit. Your donations help us to continue to publish.

See also

PricewaterhouseCoopers
Jones Day
The Banker’s Box series
MeritServus and MeritKapital