The California Office of the Attorney General disclosed a data breach affecting Shapiro Tax Group LLP on June 13, 2022, stemming from an incident on March 1, 2022. Unauthorized actors gained access to an employee’s email account, potentially exposing sensitive personal information of approximately 1,800 individuals. The compromised data included full names, Social Security numbers (SSNs), residential/business addresses, and email addresses. The breach posed significant risks, as SSNs and personal identifiers are prime targets for identity theft, financial fraud, and phishing schemes. While the exact method of intrusion (e.g., phishing, credential stuffing) was not specified, the exposure of such data could lead to long-term repercussions for affected individuals, including unauthorized credit applications, tax fraud, or targeted scams. The firm likely faced regulatory scrutiny under California’s data protection laws (e.g., CCPA), requiring notification to impacted parties and potential remediation measures like credit monitoring services. The incident underscores vulnerabilities in email security protocols, particularly for firms handling high-value financial and tax-related data. No evidence suggested ransomware or systemic operational disruption, but the leak of employee-managed client data aligns with patterns of internal data exposure via compromised accounts.
Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-554229
TPRM report: https://www.rankiteo.com/company/sfw-partners-llc-formerly-shapiro-flom-&-company-llc-
"id": "sfw839082025",
"linkid": "sfw-partners-llc-formerly-shapiro-flom-&-company-llc-",
"type": "Breach",
"date": "3/2022",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'customers_affected': '1,800',
'industry': 'Accounting/Tax Services',
'location': 'California, USA',
'name': 'Shapiro Tax Group LLP',
'type': 'Private Company'}],
'attack_vector': 'Unauthorized Email Access',
'data_breach': {'data_exfiltration': 'Potential (unauthorized access to '
'email)',
'number_of_records_exposed': '1,800',
'personally_identifiable_information': True,
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Sensitive Personal Data']},
'date_detected': '2022-03-01',
'date_publicly_disclosed': '2022-06-13',
'description': 'The California Office of the Attorney General reported a data '
'breach involving Shapiro Tax Group LLP. The breach occurred '
'on March 1, 2022, and involved unauthorized access to an '
'email account, potentially leading to the exposure of '
'personal information, including full names, social security '
'numbers, residential/business addresses, and email addresses. '
'Approximately 1,800 individuals were affected.',
'impact': {'data_compromised': ['Full Names',
'Social Security Numbers',
'Residential/Business Addresses',
'Email Addresses'],
'identity_theft_risk': 'High (PII exposed)',
'systems_affected': ['Email Account']},
'initial_access_broker': {'entry_point': 'Email Account Compromise'},
'investigation_status': 'Reported; details limited',
'references': [{'date_accessed': '2022-06-13',
'source': 'California Office of the Attorney General'}],
'regulatory_compliance': {'regulations_violated': ['California Consumer '
'Privacy Act (CCPA)',
'Potential HIPAA (if '
'health data involved, '
'though not confirmed)'],
'regulatory_notifications': 'California Office of '
'the Attorney General'},
'response': {'communication_strategy': 'Public disclosure via California '
'Office of the Attorney General'},
'title': 'Shapiro Tax Group LLP Data Breach (2022)',
'type': 'Data Breach'}