Edwards, Faust & Smith (EFS) CPAs reported a data breach impacting 928 individuals, including 837 Maine residents. The breach, triggered by a phishing attack, may have exposed sensitive client information including Social Security numbers, tax return information, financial accounts, and other personal identifiers.
Edwards, Faust & Smith CPAs’s Data Breach Investigation
On April 30, 2026, EFS’s IT provider discovered unauthorized activity in the firm’s computer network. The intrusion, originating from a phishing attack that appeared to come from a prospective client, affected one firm computer and a remote server. EFS immediately isolated the server and, by May 5, 2026, fully mitigated all unauthorized activity .
The firm worked closely with cybersecurity specialists to investigate and contain the incident. The review revealed that information potentially accessed included client names, Social Security or taxpayer identification numbers, tax return information, IRS transcripts, financial accounts, financial statements, dates of birth, government-issued IDs, and client correspondence.
EFS also implemented administrative, technical, and security upgrades, reset passwords, and strengthened safeguards across its network. While there is no evidence of misuse, the firm is providing guidance and recommended steps for affected individuals to protect their information.
When Did This Breach Occur?
The breach occurred between April 28, 2026, and May 5, 2026, and was discovered on April 30, 2026. Notifications to affected individuals were sent on May 27, 2026 .
What Information Was Breached?
The personal information potentially exposed in this breach includes:
- Names
- Social Security numbers
- Tax return information
- IRS transcripts
- Financial account information
- Financial statements
- Dates of birth
- Government-issued identification
- Client correspondence
What You Can Do
Affected individuals should monitor all financial accounts, credit reports, and tax documents for unauthorized activity. Obtain a free credit report annually from Equifax, Experian, and TransUnion, and consider placing a fraud alert or security freeze on your credit file .
You may also request an IRS Identity Protection PIN (IP PIN) to prevent fraudulent tax filings using your Social Security number . Remain cautious of phishing attempts or unsolicited requests for personal or financial information, and report any suspected fraud to law enforcement, the FTC, and your state Attorney General.
File a Data Breach Lawsuit Against Edwards, Faust & Smith CPAs
If you received notification that your information may have been exposed in the EFS data breach, you may be eligible to file a class action lawsuit.
Class action lawsuits allow affected individuals to pursue compensation for identity theft risks, financial losses, and time spent mitigating the breach. Legal action can also encourage stronger cybersecurity protections and improved safeguards for sensitive client data.
Contact us at Class Action U, where we’ll connect you with a lawyer skilled in class action lawsuits. If you’ve been contacted about this breach, received notice, or discovered you were impacted, fill out our quick, easy, and secure form to sign up. There is no cost to reach out to our legal partner and no obligation after speaking with someone from our team.
