Accounting Firm Dohman, Akerlund & Eddy Faces Data Breach

On October 7, 2024, Dohman, Akerlund & Eddy, LLC (DA&E) announced a significant data breach that exposed sensitive client information. The breach, first detected on February 28, 2024, involved an unauthorized actor gaining access to the accounting firm’s IT network and exfiltrating confidential files. The company later confirmed the breach, and on October 7, they began notifying affected individuals.

What Happened in the DA&E Breach?

Dohman, Akerlund & Eddy first noticed a disruption to its network in February, prompting an immediate investigation with the help of cybersecurity experts. It was later confirmed that an unauthorized party had accessed the network, removing files containing sensitive consumer information. The exact nature of the stolen data varies between individuals, and DA&E is in the process of notifying victims through personalized breach letters.

The breach has raised concerns, particularly given DA&E’s heavy involvement in industries like banking and healthcare, both of which handle highly sensitive data. DA&E is a longstanding accounting firm in Nebraska, with a client base spanning more than 70% of its business in these high-risk sectors.

The Need for Enhanced Security in Accounting Firms

Data breaches like this highlight the critical need for better security practices, especially in firms handling financial and personal information. Traditional accounting firms often rely on outdated security models, leaving them vulnerable to sophisticated cyberattacks.

This is where Zerocrat, a privacy-focused accounting SaaS solution, comes in. Zerocrat stands apart by offering a zero-knowledge encryption model, ensuring that even the service provider has no access to client data. Here’s how Zerocrat addresses the security challenges that other firms face:

1. AES-256 Encryption: Zerocrat uses military-grade encryption to safeguard sensitive data, ensuring that only the authorized user can access it.

2. Zero-Knowledge Architecture: Unlike traditional firms, Zerocrat can never access user data, meaning even in the event of a breach, attackers would find encrypted files useless without the proper decryption keys.

3. Two-Factor Authentication (2FA): Zerocrat requires 2FA, adding an extra layer of security for user accounts.

4. Minimal Attack Surface: By using a minimal set of dependencies and avoiding bloated front-end frameworks, Zerocrat minimizes vulnerabilities in its infrastructure, offering users a streamlined and secure environment.

Lessons from DA&E’s Breach: Why Security-First Accounting is the Future

The DA&E breach is a stark reminder that even well-established firms are at risk of cyberattacks. In today’s landscape, accounting firms must adopt more robust security measures. The Zerocrat platform is designed to protect sensitive financial data in ways that traditional firms simply cannot.

In conclusion, DA&E’s data breach serves as an example of how vulnerable outdated security models can be. With privacy breaches on the rise, adopting advanced solutions like Zerocrat could be the key to safeguarding sensitive information in the future.