EFS Data Breach: Social Security Numbers and Financial Account Information

Edwards, Faust & Smith, a certified public accounting firm based in Bangor, Maine, has disclosed a data breach affecting 928 individuals in the United States, including 837 Maine residents.

On April 30, 2026, the firm's IT provider discovered unauthorized activity involving parts of the company's computer network.

Upon discovery of the unauthorized activity, the server was isolated to prevent further access. By May 5, 2026, five days after the initial discovery, all unauthorized activity had been fully contained and mitigated, the company stated. An investigation determined that the breach began with a phishing attack.

The types of information involved included names, Social Security or taxpayer identification numbers, tax return information, IRS transcripts, financial account information, financial statements, dates of birth, government-issued identification and client correspondence.

Edwards, Faust & Smith began notifying affected individuals in writing on May 28, 2026.

Edwards, Faust & Smith's response to the breach

The firm did provide detailed written guidance on protective steps consumers can take on their own, including obtaining an Identity Protection PIN from the IRS and placing fraud alerts or security freezes with credit reporting agencies.

The notice also directed affected individuals to resources from the Federal Trade Commission and state attorneys general offices for additional help with identity theft.

Affected individuals who have questions about the incident or need assistance can contact Edwards, Faust & Smith by phone at 207-947-4575, Monday through Friday, 8:00 a.m. to 4:30 p.m.