Cyber Incident Victim: Berry, Dunn, McNeil & Parker

On June 8, 2022, Berry, Dunn, McNeil & Parker, LLC began receiving customer reports regarding unusual emails appearing to originate from a company email address. The accounting and consulting firm immediately secured its email systems and initiated an investigation into the suspicious activity. The investigation determined the emails were sent from an external account but also confirmed unauthorized access to a single employee’s email account. This compromised account contained sensitive consumer information, though the company’s filing with the Montana Attorney General did not explicitly disclose the specific data types involved. Based on Montana’s data breach reporting requirements, the exposed information likely included affected individuals’ names combined with one or more of the following: Social Security numbers, driver’s license numbers, state identification numbers, protected health information, or financial account details. Berry Dunn completed a review of the affected files to identify impacted consumers and the scope of compromised data. On September 16, 2022, the company formally acknowledged the breach and issued data breach notification letters to all affected individuals. These letters outlined the incident and provided guidance on mitigating identity theft and fraud risks stemming from the exposure. The breach investigation did not publicly attribute the incident to a specific threat actor or disclose the duration of unauthorized access prior to detection.

Berry, Dunn, McNeil & Parker, a Portland, Maine-based firm with over 500 employees and $100 million annual revenue, operates across nine U.S. and Puerto Rico locations providing tax and accounting services. The company attributed the breach solely to unauthorized access of an employee email account without elaborating on the intrusion method or whether multi-factor authentication was enabled. While phishing attacks—where hackers impersonate legitimate entities to steal credentials—accounted for approximately one-third of 2021 cyberattacks according to the Identity Theft Resource Center, Berry Dunn did not confirm if phishing facilitated this breach. The company’s containment actions focused on securing the email environment post-discovery, with no disclosed evidence suggesting lateral network movement beyond the single compromised account. The breach letters constituted the primary remediation measure for affected consumers, as the filing did not reference complimentary credit monitoring services or additional security enhancements implemented following the incident. Montana’s breach notification law obligated disclosure due to the involvement of personally identifiable information combined with sensitive identifier data, though the precise number of affected individuals remained undisclosed in available reports.