Strauss Borrelli PLLC, a leading data breach law firm, is investigating Morgan & Associates CPAs, PC regarding its recent data breach. The Morgan & Associates data breach may have involved sensitive personal information belonging to an undetermined number of individuals.
ABOUT MORGAN & ASSOCIATES CPAS, PC:
Morgan & Associates is an accounting and financial services firm based in Michigan. Today, Morgan & Associates provides an array of services to business owners, including advanced tax strategy, tax planning, preparation and resolution, accounting services, payroll services, and assurance services.2 Additionally, Morgan & Associates offers more specialized services in the areas of nonprofit, education, government, law, and more.3 Headquartered in Grand Rapids, Michigan, Morgan & Associates has an additional office in Livonia, Michigan.
WHAT HAPPENED?
Recently, Morgan & Associates reported to the Attorney General of Vermont that it had experienced a data breach in which sensitive personal identifiable information in its systems may have been accessed and acquired. According to the breach notice, on September 18, 2024, Morgan & Associates became aware of suspicious activity related to its tax preparation software.1 As a result, Morgan & Associates launched an investigation to determine the nature of the incident.
Through its investigation, Morgan & Associates discovered that the account of a business partner who provided services to Morgan & Associates was compromised, resulting in limited periods of unauthorized access to its tax preparation software from January 7, 2024, through September 18, 2024.1 During this period, sensitive personal information belonging to clients’ tax files in Morgan & Associates systems may have been viewed and obtained by an unauthorized third party. As a result, Morgan & Associates began a review of the data to determine what information had been impacted as well as identify the specific individuals affected. The exact type of personal information potentially exposed has not been made publicly available by Morgan & Associates. However, according to state reporting guidelines, “personal information” can include the following types of information:
- Name
- Social Security number
- Driver’s license or other government issued ID card numbers (e.g., individual taxpayer ID number, passport number, military ID card number)
- Financial account number or credit or debit card number
- Unique biometric data (e.g., fingerprint, retina or iris image, or other unique biometric representation)
- Genetic information
- Health record or records of a wellness program or similar program of health promotion or disease prevention (e.g., healthcare professional’s medical diagnosis or treatment of the consumer, health insurance policy number)
As a result of the data breach, Morgan & Associates began mailing data breach notification letters to impacted individuals. Based on the breach notice sent to Vermont residents, Morgan & Associates is providing affected individuals with a list of the specific types of sensitive information impacted and complimentary credit monitoring services. A link to the form breach notification letters that Morgan & Associates filed with the Attorney General of Vermont is below.
If you received a breach notification letter from Morgan & Associates CPAs, PC:
We would like to speak with you about your rights and potential legal remedies in response to this data breach. Please fill out the form, below, or contact us at 872.263.1100 or sam@straussborrelli.com.
