Data breach at Louisiana accounting firm compromises SSNs and finances

Accounting firm Wright, Moore, DeHart, Dupuis & Hutchinson this week confirmed it notified thousands of people about a July 2023 data breach that compromised names, Social Security numbers, financial account numbers, credit and debit card numbers, medical info, driver’s license numbers, and addresses.

The notice (PDF) states, “On or around July 11, 2023, WMDDH became aware of unusual network activity and immediately took steps to secure our systems. We launched an investigation with the assistance of leading cybersecurity experts to determine what happened and whether sensitive or personal information may have been affected during the incident. As a result of the investigation, we identified that certain WMDDH data may have been acquired without authorization.”

Ransomware gang ALPHV/BlackCat claimed responsibility for the attack on July 12, 2023, saying it stole 766 GB of data. The group posted a proof pack on its website showing a sample of allegedly stolen documents and ID scans.

More than a year after the breach occurred, WMDDH sent notices to 6,933 people in Texas and 58 in Massachusetts, according to those states’ attorneys general. The total number of victims has not been disclosed.

ALPHV/BlackCat further claims to have stolen employee CVs, loans data, insurance agreements, and credentials for local and remote services.

WMDDH has not verified ALPHV’s claim. We do not yet know whether the firm paid a ransom, how much ALPHV demanded, or how attackers breached WMDDH’s network. Comparitech contacted WMDDH for comment and will update this article if it responds.

Victims can enroll in free identity protection services offered by WMDDH via Equifax.

Who is ALPHV/BlackCat?

ALPHV/BlackCat is responsible for some of the most high profile ransomware attacks of the past few years. The group dark after an attack on Change Healthcare in March 2024, in which it allegedly stole a $22 million ransom payment from affiliates. The last attack claimed by ALPHV (unconfirmed) was in April 2024. The attack on WMDDH took place prior to ALPHV’s exit scam.

In 2023, ALPHV/BlackCat claimed responsibility for 135 confirmed ransomware attacks, affecting more than 47 million records. Its average ransom is about $2.2 million.

ALPHV/BlackCat is responsible for major attacks on finance companies including LoanDepot, Prudential Insurance, Fidelity National Financial, Academy Mortgage, and Progressive Leasing.

Ransomware attacks on US finance

In addition to data theft, ransomware attacks on finance companies can disrupt day-to-day operations and delay transactions until systems are restored. Attackers can lock down targeted systems until a ransom is paid for a key to unlock them. Attackers often demand additional ransom in exchange for not selling or publicly releasing stolen data.

In 2023, Comparitech researchers logged 58 ransomware attacks on the US financial sector, affecting 10.8 million records. The biggest of these was LockBit’s attack on McCamish Infosys.

In 2024 so far, we tracked 28 such attacks, affecting more than 28 million records. Another 95 attacks have been claimed by ransomware groups but not acknowledged by targeted organizations.

About Wright, Moore, DeHar, Dupuis, & Hutchinson

Based in Lafayette, Louisiana, WMDDH is a certified public accounting firm that provides tax, audit, litigation support, management advisory, and write-up services. It employs between 50 and 200 people, according to its LinkedIn profile.