KerberRose Data Breach Impacts 27,076 Individuals

Wisconsin-based certified public accounting firm, KerberRose S.C., disclosed a data breach in its wealth management division that affected approximately 27,076 individuals in the United States.

On April 29, 2026, an unauthorized third party gained access to an email account belonging to one KerberRose employee, according to the company's notification to consumers. That compromised email account resulted in limited access to a portion of a back-up platform used in operating the firm's wealth management business, which is run through a division called KerberRose Wealth Management LLC.

KerberRose became aware of the incident two days later, on May 1, 2026. According to the notification, no other systems and no other divisions of KerberRose's business were affected by the breach. The company specifically noted that the CPA and tax services offered through KerberRose S.C. were unaffected.

The affected individuals include wealth management customers of KerberRose as well as applicants for or participants in retirement plans for which the firm provides services, according to the notification letter.

The types of personal information that may have been exposed include names, addresses, Social Security numbers, financial account numbers, bank account information and dates of birth.

Breach notifications were filed with attorneys general in Maine, New Hampshire and Vermont, dated May 29, 2026, and with the Massachusetts Office of Consumer Affairs and Business Regulation, dated June 2, 2026.

According to those filings, four Maine residents, six Massachusetts residents, three New Hampshire residents and two Vermont residents were among those affected. The company discovered the breach on May 1, 2026. Consumer notification letters are dated May 29, 2026.

KerberRose's response

Given that the breach exposed highly sensitive information, including Social Security numbers and financial account details, KerberRose is offering affected individuals 24 months of free credit monitoring, credit report and credit score services through Cyberscout, a TransUnion company. These services provide alerts when changes occur to a person's credit file, with notifications sent the same day a change takes place. The company is also providing proactive fraud assistance to help individuals who have questions or who become victims of fraud.

To enroll, affected individuals can visit the Cyberscout enrollment page and enter the unique code included in their notification letter. Enrollment must be completed within 90 days of the letter's date. The enrollment process requires an internet connection and an email account, and it may not be available to minors under the age of 18.

KerberRose has set up a dedicated help line at 1-877-426-6807, staffed with fraud specialists and available from 8 a.m. to 8 p.m. Eastern time, Monday through Friday, excluding holidays. The help line will be available for 90 days from the date of the notification letter. Affected individuals may also contact KerberRose directly at 1-920-785-8073 with questions or concerns.

In the notification letter, signed by Anthony Powers, President of Wealth Management, the company stated that it takes the matter "very seriously" and apologized "for the concern and inconvenience this may cause."

Steps to take if your information was exposed

• Review financial and government statements carefully. Check bank, credit card and other financial account statements, as well as correspondence from the IRS, for any unfamiliar or suspicious activity and report anything unusual to the statement sender immediately.
• Place a fraud alert or security freeze. Contact any one of the three major credit bureaus (Equifax at 1-800-685-1111, Experian at 1-888-397-3742 or TransUnion at 1-800-680-7289) to place a fraud alert or security freeze on credit files.
• Request free credit reports. Visit AnnualCreditReport.com to obtain free credit reports from all three bureaus and review them for any accounts or inquiries that are not recognized.
• Watch for tax-related identity theft. Because Social Security numbers were among the information exposed, be alert for unexpected notices from the IRS or difficulties filing a tax return, which could signal that someone has misused that information.
• Be cautious of phishing attempts. Watch for emails, phone calls or text messages that reference the KerberRose data breach by name, as scammers sometimes use breach notifications to trick people into sharing additional personal information.
• Report suspected identity theft promptly. If any signs of fraud or identity theft appear, file a report with the Federal Trade Commission at IdentityTheft.gov and contact local law enforcement.