Notice of Data Incident at Stallcup & Associates, CPAs

On July 11, 2016, Stallcup & Associates, CPAs was subject to a ransomware virus and some of our network files were encrypted without our permission. Fortunately, the virus was detected within an hour and immediately stopped. Although there is no evidence that any files were viewed or exfiltrated, nor that such activities were intended, we are notifying parties of this incident because tax information was located in the same drive as some of the files infected by the virus.

Letters were mailed to all affected parties on September 21, 2016, advising them that:

If they are an individual, this information may have included their name, gender, birth date, telephone number(s), address, social security number, all employment (W-2) information, 1099 information, direct deposit bank account information, including account number and routing information (if provided to us), and supporting records.

If they are an entity, this information may have included their company name, Federal Employer Identification Number, address, telephone number, employee and/or 1099-recipient information, partner, shareholder/officer or beneficiary names, addresses, social security numbers, and supporting records.

If you did not receive a letter but are concerned that you could be affected, please call 1-855-253-6261 for verification.

Regarding the incident, we immediately contacted our IT consultant to secure our network and hired a third party forensic security firm to perform a thorough investigation into the breadth of the exposure. With the help of our IT consultants: (1) the malware on the impacted computer’s hard drive has been removed; (2) we have made internal software system management changes; and (3) all network firewalls, computers and security protections have been confirmed to be properly functioning.

We have also filed notice of our firm’s cyber intrusion with the FBI, all three consumer reporting agencies, and we have notified the offices of the applicable State Attorney Generals. We will further assist in any criminal investigation of the cyber intruder(s).

Given the breadth of information potentially exposed, we are recommending that those potentially affected be vigilant in reviewing all bank account and brokerage statements, as well as free credit reports. They may also want to change the bank account numbers provided us, and/or have a conversation with their bank notifying them of the incident. They can also call the three major credit agencies and place a 90-day fraud alert on their accounts. Contact information is: Equifax (1-888-766-0008; P.O. Box 740241, Atlanta, GA 30374), Experian (1-888-397-3742; P.O. Box 4500Allen, TX 75013), and TransUnion (1-800-680-7289; P.O. Box 1000, Chester, PA 19022-2000). Lastly, individuals are entitled to a free credit report every year from these agencies at

If identity theft is suspected, report it to law enforcement, including the Federal Trade Commission at Additional information about avoiding and protecting against identity theft can also be obtained by visiting the above Federal Trade Commission website, or by writing the Consumer Response Center at 600 Pennsylvania Ave., NW, Washington D.C., 20580, or by calling 1-877-IDTHEFT.

As an added precaution, we have arranged for complimentary credit monitoring to be provided to those affected for one year through AllClear ID. Please call toll free number 1-855-253-6261 for further information.

The protection and privacy of information is a top priority for our firm. After our combined 20+ years of close business relationships with our clients, we have no words to express how devastating it is to have had this happen. If you have any questions or concerns, please contact toll free number 1-855-253-6261; or by mail at Stallcup & Associates, CPAs, 2595 Mission St Suite 300, San Francisco, CA 94110.


SOURCE Stallcup & Associates, CPAs

About the author: Dissent

Comments are closed.