Cyber Incident Victim: H&N Tax, Inc
Date:
Dec 2025
Location:
United States of America
Summary
H&N Tax, Inc d/b/a CSA Tax experienced a network disruption that led to an investigation revealing unauthorized access to personal information including names and Social Security numbers. The investigation concluded after engaging a third‑party forensic specialist, and the company began notifying affected clients while a law firm pursues potential class action claims.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 0 motives | 0 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
H&N Tax, Inc., operating under the d/b/a CSA Tax, provides tailored tax preparation and planning support for individuals and small businesses throughout the year. On or about December 2, 2025, CSA Tax learned of a disruption to its computer network that it identified as a data breach. In response, the company launched an investigation and engaged a third‑party computer forensic specialist to assist with the inquiry. The investigation was completed on January 22, 2026, and determined that certain personal information had been accessed without authorization. The affected data stored on the company’s network may include names combined with Social Security numbers.
Following the completion of the investigation, CSA Tax began sending notice letters to potentially affected clients on February 20, 2026. A press release announcing the breach and the ongoing legal inquiry was distributed via Globe Newswire on February 23, 2026, dated February 22, 2026 from Haverhill, Massachusetts. The press release states that Edelson Lechtzin LLP, a national class action law firm based in suburban Philadelphia, is investigating claims on behalf of clients whose data may have been compromised by the CSA Tax incident. Edelson Lechtzin LLP maintains offices in Pennsylvania and California and focuses its practice on class and collective litigation involving securities and investment fraud, federal antitrust laws, employee benefit plans under ERISA, wage theft, and consumer fraud. The release includes contact information for Marc Edelson, Esq., at 411 S. State Street, Suite N‑300, Newtown, PA 18940, phone 844‑696‑7492 ext. 2, email medelson@edelson‑law.com, and website www.edelson‑law.com.
The press release also notes that CSA Tax started notifying clients on February 20, 2026, after the investigation concluded on January 22, 2026, and that the company’s investigation had involved a third‑party computer forensic specialist. It reiterates that the breach involved unauthorized access to personal information that may consist of names paired with Social Security numbers. No further technical details about the attack vector, threat actor, or specific systems compromised are disclosed in the source material. The narrative presented here is limited to the chronology, observed impacts, and response actions described in the provided article.