Edwards, Faust & Smith Data Breach Exposes Sensitive Client Information
A data breach at Edwards, Faust & Smith, a certified public accounting firm based in Bangor, Maine, has exposed the sensitive personal and financial information of 928 individuals across the U.S., including 837 in Maine. The incident, discovered on April 30, 2026, stemmed from a phishing attack that originated from a fraudulent email posing as a prospective client. The attack compromised a firm computer and a remote server before being contained by May 5, 2026.
The breach potentially exposed a range of confidential data, including names, Social Security numbers, tax return information, IRS transcripts, financial account details, dates of birth, government-issued IDs, and client correspondence. The firm collaborated with IT and cybersecurity specialists to investigate the incident and mitigate further risks.
Written notifications were sent to affected individuals on May 28, 2026. Shamis & Gentile P.A., a law firm specializing in data breach cases, is investigating potential legal action for those impacted, citing possible compensation for harm or inconvenience resulting from the exposure. The breach underscores the growing threat of phishing attacks targeting professional service providers handling sensitive financial data.
Source: https://www.claimdepot.com/investigations/edwards-faust-smith-data-breach-2026
Edwards, Faust & Smith CPAs cybersecurity rating report: https://www.rankiteo.com/company/edwards-faust-&-smith
"id": "EDW1780000205",
"linkid": "edwards-faust-&-smith",
"type": "Breach",
"date": "4/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '928',
'industry': 'Accounting',
'location': 'Bangor, Maine, USA',
'name': 'Edwards, Faust & Smith',
'type': 'Certified Public Accounting Firm'}],
'attack_vector': 'Phishing',
'customer_advisories': 'Written notifications sent to affected individuals on '
'May 28, 2026',
'data_breach': {'number_of_records_exposed': '928',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Names',
'Social Security numbers',
'Tax return information',
'IRS transcripts',
'Financial account details',
'Dates of birth',
'Government-issued IDs',
'Client correspondence']},
'date_detected': '2026-04-30',
'date_publicly_disclosed': '2026-05-28',
'date_resolved': '2026-05-05',
'description': 'A data breach at Edwards, Faust & Smith, a certified public '
'accounting firm based in Bangor, Maine, has exposed the '
'sensitive personal and financial information of 928 '
'individuals across the U.S., including 837 in Maine. The '
'incident stemmed from a phishing attack that originated from '
'a fraudulent email posing as a prospective client, '
'compromising a firm computer and a remote server.',
'impact': {'data_compromised': 'Sensitive personal and financial information',
'identity_theft_risk': 'High',
'payment_information_risk': 'High',
'systems_affected': ['Firm computer', 'Remote server']},
'initial_access_broker': {'entry_point': 'Fraudulent email posing as a '
'prospective client'},
'investigation_status': 'Completed',
'post_incident_analysis': {'root_causes': 'Phishing attack'},
'references': [{'source': 'Incident notification'}],
'regulatory_compliance': {'legal_actions': 'Potential legal action by Shamis '
'& Gentile P.A.'},
'response': {'communication_strategy': 'Written notifications sent to '
'affected individuals',
'containment_measures': 'Contained by May 5, 2026',
'third_party_assistance': 'IT and cybersecurity specialists'},
'title': 'Edwards, Faust & Smith Data Breach Exposes Sensitive Client '
'Information',
'type': 'Data Breach'}