CALL 6: Accounting firm data breach latest in growing problem

Expert says ransomware attack 'very scary'

FISHERS, Ind. -- A Central Indiana accounting firm has become the latest victim of a data breach, Call 6 Investigates has learned.

Whitinger & Company has offices in Fishers and Muncie, and provides accounting  and tax services, fraud detection, financial advising, audits and estate planning.

They recently became a victim of a ransomware attack in which a number of files in its system were encrypted to prevent Whitinger from accessing them.

Whitinger hired a forensic investigation firm who discovered the perpetrators accessed Whitinger’s system between January 29 and March 3.

Once the company determined who was impacted, they sent letters to affected clients on July 18.

“Whitinger is providing those who may be affected with identify protection services, including credit monitoring, for 24 months at no cost to the recipient,” read a statement obtained by RTV6. “Whitinger has provided potentially impacted individuals with information on how to better protect against identity theft and fraud, as well as providing them with access to a dedicated hotline in case they have further questions.”

Certified fraud examiner Greg Wright represents one victim of Whitinger’s data breach and said the client is still waiting for his tax returns.

“It’s an electronic home invasion,” said Wright. “It can ruin your credit and your children’s credit.”

Wright said data breaches at accounting firms and banks are more serious than breaches at retailers because the perpetrators can access so much more sensitive information than just a credit card.

“They can determine where your bank accounts are, where your stock brokerage accounts are, how much money you have in them and then easily crack your passwords and get into your accounts and loot them,” said Wright. “It's very scary."

Call 6 Investigates has uncovered the data breach is part of a growing trend of data breaches impacting Hoosiers.

Indiana law requires companies to disclose breaches impacting Indiana residents “without unreasonable delay.”

In 2014, the Indiana Attorney General’s office received 415 reports of data breaches at both in-state and out of state companies.

In 2015, that number increased to 526, and in 2016, 676 were reported.

So far in 2017, 620 data breaches impacting Hoosiers have been reported to the Attorney General.


2013: 421
2014: 415
2015: 526
2016: 676
2017: 620

Wright said data breaches are increasing because they are profitable.

“It’s organized crime and there’s a lot of money to be made,” said Wright. “There is more money to be made by criminals from stealing identities than there is to break into your house with a gun, and when they get caught they spend less time in jail.”

Wright said if you’ve been a victim of a data breach, go directly to the institutions that have your money and meet face-to-face.

“Make sure your accounts are locked down,” said Wright.

Wright said 80% of Americans use the same passwords on their accounts.

So, changing your passwords and using different passwords can help protect you.
The Attorney General’s office offers a website dedicated to how to freeze your credit with the three credit agencies, which prevents identity thieves from opening credit in your name.

RELATEDAG reminding consumers of credit freeze option

It’s unclear if Whitinger paid a ransom in response to the attack.

“Whitinger has a number of security measures in place to protect the information in its possession,” read the statement provided to Call 6 Investigates. “As part of Whitinger’s ongoing commitment to the security of personal information in our care, Whitinger is working to implement additional safeguards to protect the security of information in its systems. Whitinger has also contacted the IRS, the FBI, and certain state Attorneys General regarding this incident.”

MORE | Indiana Medicaid patients warned of possible data breach | Indy Healthcare billing company latest W-2 breach victim

Print this article Back to Top