Cyber Incident Victim: Wisan Smith Racker & Prescott
Date:
Apr 2022
Location:
United States of America
Summary
Wisan Smith Racker & Prescott experienced a data breach where an unauthorized party accessed its systems during two separate periods, compromising sensitive client information including names, Social Security numbers, financial account details, medical records, and various government-issued identification numbers. The breach was discovered after fraudulent tax filings were detected on behalf of clients, prompting an investigation that confirmed the theft of files containing personal data. The accounting firm engaged cybersecurity professionals to assess the incident and subsequently notified affected individuals, whose exposed information poses risks of identity theft and tax-related fraud.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On July 29, 2022, Wisan Smith Racker & Prescott (WSRP) publicly confirmed a data breach involving unauthorized access to its network systems. The incident was initially detected on June 14, 2022, when the firm discovered fraudulent tax returns had been filed using client information. Subsequent forensic investigations revealed that attackers infiltrated WSRP's systems during two distinct periods: April 21-28, 2022, and again on May 26, 2022. During these intrusions, the unauthorized party exfiltrated files containing sensitive client data. The compromised information included names, Social Security numbers, driver's license or state identification numbers, passport numbers, military IDs, government-issued identification numbers, financial account details, dates of birth, electronic signatures, medical information, and health insurance records. WSRP engaged cybersecurity professionals to determine the breach's scope and identify affected individuals through a review of accessed files. The accounting firm, founded in 1985 and based in Salt Lake City with over 100 employees and $18 million annual revenue, provides tax services, business consulting, and related financial advisory services to corporate and individual clients.
WSRP completed its internal review and began notifying impacted parties through data breach letters mailed on July 29, 2022. The breach notification process informed recipients about the exposure of their personal information and potential risks of identity theft and fraud. Forensic evidence confirmed the attackers specifically targeted client data required for tax filings, aligning with a broader pattern of tax refund fraud incidents affecting accounting firms nationwide. This type of identity theft involves criminals using stolen personal information to file fraudulent tax returns and claim illegitimate refunds, often undetected until victims attempt to file legitimate returns or receive IRS notifications about duplicate filings. The breach's discovery stemmed directly from client reports about suspicious tax filings, prompting WSRP's investigation that uncovered the system compromises. No technical details about attack vectors or specific compromised systems were disclosed beyond confirmation of unauthorized network access during the identified intrusion windows. The incident exposed multiple categories of sensitive client data maintained by WSRP as part of its tax preparation and business advisory services.