Strauss Borrelli PLLC, a leading data breach law firm, is investigating Vocatura, Spagnuolo & Company, P.C. (“Vocatura”) regarding its recent data breach. The Vocatura data breach involved sensitive personal information belonging to over 980 individuals.
ABOUT VOCATURA, SPAGNUOLO & COMPANY, P.C.:
Vocatura is a public accounting firm based in Massachusetts. Founded in 1992, Vocatura provides a range of accounting services to individuals and business entities, including bookkeeping, audits, tax planning, accounting software consulting, business succession planning, and more.2,3,4 Clients of Vocatura include retailers, manufacturers, distributors, service companies, nonprofit organizations, etc.2 Headquartered in Waltham, Massachusetts, Vocatura employs at least 2 indiviudals.2,4
WHAT HAPPENED?
Recently, Vocatura reported to the Attorney General of Vermont that it had experienced a data breach in which sensitive personal identifiable information in its care may have been compromised. According to the breach notice, on July 16, 2025, Vocatura became aware of unauthorized access to a single email account.1 As a result, Vocatura launched an investigation to determine the nature of the incident.
Through its investigation, Vocatura confirmed that sensitive personal information in the emails may have been accessed by an unauthorized third party on or before July 16, 2025. As a result, Vocatura began a review of the data to determine what information had been impacted as well as identify the specific individuals affected. As of December 18, 2025, the exact type of personal information potentially exposed has not been made publicly available by Vocatura. However, according to Vermont state reporting guidelines, “personal information” can include the following types of information:
- Name
- Social Security number
- Driver’s license or other government issued ID card numbers (e.g., individual taxpayer ID number, passport number, military ID card number)
- Financial account number or credit or debit card number
- Unique biometric data (e.g., fingerprint, retina or iris image, or other unique biometric representation)
- Genetic information
- Health record or records of a wellness program or similar program of health promotion or disease prevention (e.g., healthcare professional’s medical diagnosis or treatment of the consumer, health insurance policy number)
On December 17, 2025, Vocatura began mailing data breach notification letters to impacted individuals. Based on the breach notice sent to Vermont residents, Vocatura is providing affected individuals with a list of the specific types of sensitive information impacted and complimentary credit monitoring services. A link to the form breach notification letters that Vocatura filed with the Attorney General of Vermont is below.
If you received a breach notification letter from Vocatura, Spagnuolo & Company, P.C.:
We would like to speak with you about your rights and potential legal remedies in response to this data breach. Please fill out the form, below, or contact us at 872.263.1100 or sam@straussborrelli.com.
