Kerkering, Barberio & Co., Certified Public Accountants (KB), recently reported a data breach involving unauthorized access to several company email accounts. The incident may have exposed sensitive personal information, including names and Social Security numbers. The firm is notifying affected individuals and offering credit monitoring services to help mitigate potential risks.
Kerkering Barberio & Co.’s Data Breach Investigation
Kerkering, Barberio & Co., a certified public accounting firm based in Sarasota, Florida, discovered a cybersecurity incident affecting its internal email systems. The breach came to light on May 27, 2025, when the firm identified suspicious activity involving unauthorized access to four email accounts within its network.
Upon discovering the incident, KB immediately took action to isolate the compromised email accounts and prevent further access. The firm engaged a specialized third-party cybersecurity company to investigate the event and determine the scope of the intrusion. This forensic investigation aimed to identify how the breach occurred and whether sensitive information had been accessed or removed.
Preliminary findings from the forensic investigation revealed evidence that an unauthorized actor accessed and potentially obtained files contained within the compromised email accounts. Because email systems often store attachments and communications containing sensitive client information, this raised concerns about the possible exposure of personal data.
To determine exactly what information may have been impacted, KB retained a third-party data mining vendor to conduct a comprehensive review of the affected email accounts and the files they contained. This detailed review process helped identify which individuals’ sensitive information may have been present within the compromised accounts at the time of the incident.
On March 6, 2026, KB finalized the list of individuals whose information may have been exposed and prepared to notify them about the breach. Notification letters were mailed to affected individuals beginning March 13, 2026.
According to the investigation, the information potentially exposed may include an individual’s full name in combination with other sensitive personal data. Specifically, exposed information may include names, email addresses, physical mailing addresses, and Social Security numbers.
Although the firm has stated that it has not received any reports of identity theft or fraudulent misuse related to the incident, the exposure of Social Security numbers and other personal identifiers presents potential risks. Information such as Social Security numbers can be used in identity theft schemes, financial fraud, or other forms of unauthorized activity.
In response to the breach, KB implemented a series of security improvements designed to reduce the likelihood of similar incidents occurring in the future. These measures included disconnecting access to the compromised email accounts, resetting administrative credentials, restoring systems in a secure configuration, and enhancing existing security controls.
KB also worked closely with its legal counsel and cybersecurity professionals to ensure proper response procedures were followed and affected individuals were notified in accordance with applicable data breach notification laws.
To assist those affected, the firm is offering complimentary identity protection services. These services include credit monitoring and identity theft restoration support through Cyberscout, a TransUnion company that specializes in fraud monitoring and recovery assistance.
Approximately 4,179 individuals were affected by the breach, including three residents of Maine.
Even when there is no confirmed misuse of exposed data, individuals whose personal information is involved in a data breach may still face increased risks. Sensitive information exposed during a breach may later be used by cybercriminals or circulated through underground marketplaces.
When Did This Breach Occur?
The unauthorized access occurred on May 25, 2025, and the incident was discovered on May 27, 2025.
Following the discovery, KB launched an investigation and later completed a detailed review of the affected email accounts to identify impacted individuals.
What Information Was Breached?
The personal information potentially exposed in the breach may include:
-
Full Name
-
Email Address
-
Physical Mailing Address
-
Social Security Number
What You Can Do
If you received a notification from Kerkering Barberio & Co. regarding this data breach, there are several steps you can take to protect your personal information.
First, consider enrolling in the complimentary credit monitoring and identity theft protection services provided through Cyberscout. These services can alert you to suspicious activity involving your credit file and provide assistance if identity theft occurs.
You should also regularly review your bank statements, financial accounts, and credit reports for any unauthorized activity. Monitoring your credit can help you detect potential fraud early.
Consumers in the United States are entitled to free annual credit reports from the three major credit bureaus—Equifax, Experian, and TransUnion—through AnnualCreditReport.com. Reviewing these reports can help you identify unfamiliar accounts or credit inquiries.
You may also consider placing a fraud alert or credit freeze on your credit file. Fraud alerts require lenders to verify your identity before extending credit, while credit freezes restrict access to your credit report entirely unless you authorize it.
Remaining vigilant and monitoring your personal information regularly is important after any data breach involving Social Security numbers or other sensitive identifiers.
You may also wish to explore your legal options if your personal information was exposed.
File a Data Breach Lawsuit Against Kerkering Barberio & Co.
If you received a data breach notification from Kerkering Barberio & Co. stating that your personal information was exposed, you may be eligible to pursue compensation.
Organizations that collect and store sensitive personal data have a responsibility to protect that information from unauthorized access. When companies fail to implement adequate cybersecurity protections, individuals may face risks including identity theft, financial fraud, and privacy violations.
Class action lawsuits allow individuals affected by data breaches to hold organizations accountable for failing to safeguard sensitive information. In some cases, victims may be able to recover compensation for damages, credit monitoring expenses, time spent resolving fraud issues, and other related harms.
Contact us at Class Action U, where we’ll connect you with a lawyer skilled in class action lawsuits. If you’ve been contacted about this breach, received notice, or discovered you were impacted, fill out our quick, easy, and secure form to sign up. There is no cost to reach out to our legal partner and no obligation after speaking with someone from our team.
