Data Security Incident FAQ
What Happened?
We recently discovered that an unauthorized party gained access to one of our team members' Microsoft 365 accounts. Based on a comprehensive investigation conducted by cybersecurity experts at Kroll, we determined that this access began on or around May 8, 2025 and continued until we discovered and stopped it on August 19, 2025.
The unauthorized party gained initial access through a phishing email and was able to bypass multi-factor authentication protections that were in place at the time.
You are receiving this notification because your personal information was stored in the compromised account and may have been viewed or accessed by the unauthorized party.
What Information Was Involved?
The compromised Microsoft 365 account contained client information including:
- Personal Identifiers: Names, addresses, dates of birth
- Tax Information: Social Security Numbers (SSNs), Taxpayer Identification Numbers (TINs)
- Financial Information: Bank names, routing numbers, account numbers
- Government IDs: Driver's license numbers and issuing states
- Healthcare Information: Medicare/Medicaid numbers
We have no evidence that this information was misused, but we are notifying you out of an abundance of caution so you can take steps to protect yourself.
What We're Doing
We take the security of your information very seriously and have taken immediate and comprehensive action:
Immediate Response (Completed)
- Discovered and stopped the unauthorized access on August 19, 2025
- Secured the compromised account and reset all passwords
- Terminated all unauthorized sessions
- Retained Kroll, a leading cybersecurity firm, to conduct a forensic investigation
- Retained cybersecurity legal counsel
- Reported the incident to the FBI, IRS, and other appropriate authorities
Enhanced Security Measures Implemented
- Strengthened multi-factor authentication: Implemented TOTP (Time-based One-Time Password) authentication and disabled less secure SMS and email-based authentication
- Device and identity management: Deployed Microsoft Intune for device management and Microsoft Entra for advanced identity and access control
- Password management: Deployed LastPass Password Manager enterprise-wide
- Endpoint security: Implemented Bitdefender Small Business Security Ultimate including email filtering and VPN
- Backup systems: Implemented Backblaze cloud backup
- Advanced threat protection: Upgraded to Microsoft Defender Plan 1
- Security policies: Implementing comprehensive new security processes and procedures
- Ongoing monitoring: Enhanced monitoring and threat detection capabilities
Ongoing Efforts
- Continuing to evaluate and implement additional security measures
- Regular security training for all staff members
- Ongoing review and enhancement of security protocols
What You Should Do
We strongly recommend you take the following steps to protect yourself:
1. Enroll in Free Credit Monitoring Services
We are providing complimentary 12-month credit monitoring and identity theft protection services through Kroll at no cost to you.
You will receive a formal notification letter in the mail within the coming weeks that includes:
- Detailed instructions on how to enroll
- Your unique enrollment code
- Information about what the monitoring services include
We strongly encourage you to enroll in these services as soon as you receive your enrollment information.
2. Monitor Your Accounts Closely
- Review your bank statements, credit card statements, and explanation of benefits statements for suspicious activity
- Check your credit reports regularly for accounts or inquiries you don't recognize
- Monitor your tax accounts for signs of tax-related identity theft
3. Consider Placing a Fraud Alert or Credit Freeze
Fraud Alert (free, lasts 1 year, renewable):
A fraud alert makes it harder for identity thieves to open accounts in your name. Creditors must verify your identity before issuing credit.
Credit Freeze (free, you control when to lift):
A credit freeze restricts access to your credit report, making it harder for identity thieves to open new accounts. You can lift the freeze temporarily when you need to apply for credit.
Contact the three major credit bureaus:
- Equifax: 1-800-685-1111 | www.equifax.com
- Experian: 1-888-397-3742 | www.experian.com
- TransUnion: 1-800-916-8800 | www.transunion.com
Note: You only need to contact one bureau for a fraud alert; they will notify the others. For a credit freeze, you must contact all three.
4. Review Your Credit Reports
You're entitled to free credit reports from each bureau once per year at www.annualcreditreport.com. Given this incident, consider requesting reports from all three bureaus now.
5. File Your Tax Return Early
Tax-related identity theft is common after data breaches. Filing your tax return as early as possible makes it harder for criminals to file a fraudulent return in your name.
6. Watch for Signs of Identity Theft
Be alert for:
- Unexpected bills or collection notices
- Denials of credit applications you didn't submit
- IRS notices about tax returns you didn't file
- Medical bills for services you didn't receive
- Calls from debt collectors about accounts you don't recognize
7. Consider an IRS Identity Protection PIN
Visit www.irs.gov/identity-theft-fraud-scams/get-an-identity-protection-pin to get a six-digit PIN that helps prevent someone from filing a fraudulent tax return using your SSN. But don't forget to provide your PIN to us (you'll get a new one every year) so we can e-file your tax return!
8. Utilize Our Client Portal
We learned the hard way that documents sent and received via email are vulnerable to breach. Use our client portal to securely transfer documents to and from us, among other things.
Frequently Asked Questions
How long did the unauthorized party have access?
Based on the investigation by Kroll, we believe the unauthorized access began on or around May 8, 2025 and continued until we discovered and stopped it on August 19, 2025 - approximately 3.5 months.
Do you know if my information was actually viewed or stolen?
We know the unauthorized party had access to the account containing your information. However, we cannot determine with certainty whether specific files or emails containing your information were actually viewed or copied. We are notifying you out of an abundance of caution.
Has my information been misused?
As of this time, we have no evidence that any personal information has been misused. However, we recommend taking the protective steps outlined above.
Will you provide credit monitoring services?
Yes. We are providing complimentary 12-month credit monitoring and identity theft protection services through Kroll at no cost to you.
You will receive a formal notification letter in the mail within the coming weeks that includes:
- Detailed instructions on how to enroll in these services
- Your unique enrollment code
- Information about what the monitoring services include
We strongly encourage you to take advantage of these services.
Will this cost me anything?
The credit monitoring services we are providing through Kroll are completely free to you. Additionally, the other protective measures we recommend (fraud alerts, credit freezes, credit reports) are also free services provided by law. You should not need to pay for these protections.
Should I close my bank accounts?
Not necessarily. Monitor your accounts closely for unauthorized activity. If you see suspicious transactions, contact your bank immediately. They can advise whether closing and opening new accounts is necessary.
What about my tax return?
There is no evidence of tax fraud at this time. However, we recommend:
- Filing your tax return early (as soon as you have all necessary documents)
- Getting an IRS Identity Protection PIN
- Monitoring for IRS notices about returns you didn't file
How can I trust that my information is secure with you now?
We understand your concern. We have taken this incident very seriously and have implemented multiple layers of enhanced security, including:
- Advanced multi-factor authentication that prevents the type of bypass that occurred
- Enterprise-grade device and identity management (Microsoft Intune and Entra)
- Comprehensive endpoint security and email filtering
- Enterprise password management
- Regular security training for all staff
- Ongoing evaluation and implementation of additional security measures
We have engaged cybersecurity professionals to ensure our systems meet the highest security standards.
Why did it take so long to notify me?
Upon discovering the breach, we immediately:
1. Secured the compromised account
2. Engaged Kroll to conduct a thorough forensic investigation
3. Retained legal counsel experienced in data security incidents
4. Worked to identify all individuals whose information may have been affected
This process took time to ensure we could provide you with accurate information and appropriate recommendations. We notified you as soon as we completed this comprehensive review.
Who can I contact with questions?
Contact Us
- Phone: (970) 564-7584
- Email: team@bravuura.cpa
- Hours: Monday-Friday, 9:00 AM - 5:00 PM MT
We have staff available to answer your questions and help you through this process.
Identity Theft Resources
If You Believe You Are a Victim of Identity Theft
Federal Trade Commission (FTC)
- Website: www.identitytheft.gov
- Phone: 1-877-ID-THEFT (1-877-438-4338)
- The FTC provides a comprehensive recovery plan and helps you report identity theft
IRS Identity Theft
- Website: www.irs.gov/identity-theft-fraud-scams
- Phone: 1-800-908-4490
- Report tax-related identity theft and get an Identity Protection PIN
Local Law Enforcement
- File a police report in your local jurisdiction
- Keep a copy for your records
Your State Attorney General
- Many states have consumer protection divisions that can assist with identity theft
Additional Resources
Consumer Financial Protection Bureau (CFPB)
- Website: www.consumerfinance.gov
- Information about protecting your financial accounts
Social Security Administration (SSA)
- Phone: 1-800-772-1213
- If you suspect your Social Security Number is being misused
Department of Motor Vehicles (DMV)
- Contact your state DMV if you believe someone is using your driver's license information
Our Commitment to You
The security and privacy of your information is our highest priority. We deeply regret that this incident occurred and are committed to doing everything possible to protect your information and prevent future incidents.
We are here to support you through this situation. Please don't hesitate to reach out with any questions or concerns.
Thank you for your trust and patience as we work through this matter together.
Last Updated: November 8, 2025 | For Questions: team@bravuura.cpa | (970) 564-7584
