A hacker stole data from a Fairfield County accounting firm in a breach that may have impacted as many as 900 customers, authorities say.
Lyons & Lyons, a certified public accountant firm in Ridgefield and Fairfield, is currently working with the U.S. Secret Service, the Internal Revenue Service and the IRS’s Criminal Investigation unit on an ongoing “cyber breach” criminal investigation.
An arrest may be near.
David Lyons, a partner at Lyons & Lyons, confirmed the breach occurred at his company’s office, but offered few specifics.
“We did have a security incident that may have caused exposure of some personal information,” Mr. Lyons said.
He said he could not comment how many clients’ information had been hacked, exactly what information had been taken or when the breach took place, because the investigation is pending.
However, Jaclyn Falkowski, a spokesperson for the office of the Connecticut attorney general, said, “It’s our understanding that about 900 Connecticut residents were notified that their information may have been compromised in this breach and that federal law enforcement authorities are also involved.”
She added that companies that keep personal information, as defined by statute, are required to notify her agency of any security breaches, which Lyons & Lyons did.
“While we are still assessing the matter, our primary concern is for the security of those consumers affected, and we will work to ensure that the needs of those individuals are met and that the company take adequate measures to prevent exposure of personal information in the future,” she wrote.
Mr. Lyons did not confirm whether or not tax return information was falsified or stolen, or whether the perpetrators got complete files.
He said the Secret Service has a suspect and the agency expects to make an arrest soon.
He added that the Secret Service has told him that the suspect has no affiliation with Lyons & Lyons.
“The suspect is not a current or former employee and is not a current or former client — that has been confirmed to us by the Secret Service,” Mr. Lyons said. “I have no idea who the individual is at the time, but the suspect has no connection to the firm.”
Calls to the Secret Service and IRS Criminal Investigation unit were not returned.
Mr. Lyons said his office is installing a new credit monitoring system to ensure a breach like this doesn’t happen again.
“We are working with all the agencies to bring this to a conclusion as soon as possible,” said Mr. Lyons. “We are obviously concerned about the security of our clients’ information and we are taking this very seriously.”
Additionally, he said, “we have arranged for clients to get identity theft protection.”
Ms. Falkowski, of the state’s attorney general’s office, said the investigation will be made public as soon as it concludes.
“It’s a matter of time; the investigation is still open,” she said.
Police recommend that people avoid giving out important information over the phone or online.
“Don’t give away anything too easily,” said Capt. Tom Comstock. “Unless you initiated the conversation with the accountant, then you shouldn’t be revealing stuff like your Social Security number over the phone to a complete stranger.”
He added that this advice is “standard safety protocol that we tell people all the time.”
“Keep a close eye on all your accounts, and if there’s anything out of the ordinary, report it right away.”
Lyons & Lyons’ Ridgefield office is at 898 Ethan Allen Highway. Its Fairfield office is at 75 Hillside Road.
Ms. Falkowski described how many people can get help.
“Affected consumers who have concerns about this matter are encouraged to contact ID Experts, the credit monitoring firm Lyons & Lyons has retained in this matter, at 1-888-760-4871. Consumers can also call our consumer protection unit at 1-860-808-5400 or email email@example.com.”