Mazars USA LLP, a certified public accounting firm, faced regulatory action by the New York Attorney General (NY AG) for failing to secure unencrypted sensitive personal data, including **Social Security numbers, financial records, and tax documents** of clients and employees. The breaches occurred due to inadequate cybersecurity measures, such as **lack of encryption, weak access controls, and failure to monitor third-party vendors**. While the article does not specify a direct data leak of customer information, the exposed data—if compromised—could enable identity theft, financial fraud, or reputational harm. The NY AG’s settlement required Mazars to pay **$60,000 in penalties** and implement stricter security protocols, including encryption, multi-factor authentication (MFA), and vendor risk assessments. The incident highlights vulnerabilities in handling **highly sensitive financial and personal data**, particularly in sectors like accounting where trust and confidentiality are critical. The breach did not result in confirmed theft but posed significant risks to **employee and client privacy**, warranting regulatory intervention.
TPRM report: https://www.rankiteo.com/company/mazarsinus
"id": "maz2732727102125",
"linkid": "mazarsinus",
"type": "Breach",
"date": "10/2025",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"
{
    'affected_entities': [
        {
            'industry': 'Accounting/Financial Services',
            'location': 'New York, USA (jurisdiction of NY AG)',
            'type': 'Certified Public Accounting (CPA) Firm',
        },
    ],
    'data_breach': {
        'data_encryption': 'No (data was unencrypted)',
        'personally_identifiable_information': True,
        'sensitivity_of_data': 'High (unencrypted PII)',
        'type_of_data_compromised': [
            'Social Security numbers',
            'sensitive personal information',
        ],
    },
    'description': "A certified public accounting firm has agreed to pay $60,000 and improve its data security to resolve the New York attorney general's claims that it failed to adequately protect unencrypted Social Security numbers and other sensitive personal information.",
    'impact': {
        'brand_reputation_impact': 'Potential reputational damage due to regulatory action and public disclosure',
        'data_compromised': [
            'Social Security numbers',
            'sensitive personal information',
        ],
        'financial_loss': {'currency': 'USD', 'settlement_amount': 60000},
        'identity_theft_risk': 'High (due to exposure of unencrypted Social Security numbers)',
        'legal_liabilities': 'Regulatory settlement with New York Attorney General',
    },
    'investigation_status': 'Resolved (settlement reached)',
    'post_incident_analysis': {
        'corrective_actions': [
            'Payment of $60,000 settlement',
            'Implementation of improved data security practices',
        ],
        'root_causes': [
            'Failure to adequately protect unencrypted sensitive data',
            'Insufficient data security measures',
        ],
    },
    'recommendations': [
        'Implement encryption for sensitive data (e.g., Social Security numbers)',
        'Enhance data security protocols to comply with regulatory requirements',
    ],
    'references': [{'source': 'Law360'}],
    'regulatory_compliance': {
        'fines_imposed': {
            'amount': 60000,
            'currency': 'USD',
            'regulator': 'New York Attorney General',
        },
        'legal_actions': ['Settlement agreement with NY AG'],
        'regulations_violated': ['New York data protection laws (implied by NY AG action)'],
        'regulatory_notifications': ['New York Attorney General'],
    },
    'response': {
        'remediation_measures': ['Improved data security practices (as per settlement agreement)'],
    },
    'title': 'NY AG Reaches Deal With Accounting Firm Over Data Breaches',
    'type': 'Data Breach',
}