In October 2025, a criminal hacking group claimed it exploited a Salesforce CRM and related plugins vulnerability in 39 organizations, including Google, Disney, and other major corporations. 1-800Accountant was also listed. Security is our first priority, and we choose best-in-class applications with leading security measures. In this case, however, bad actors were able to obtain an unverified number of client records with basic business information.
Our review confirms that the incident involved only basic business information, such as the business name and contact details (business address, zip code, state of incorporations etc.). Privacy laws indicate that for lost data to be damaging to individuals, it must be personal in nature and include one or more of: SSN, Driver's license number or other government ID number, Account number, Credit/debit card number in combo with a required security or access code or password, Medical info, Health insurance info, Biometric or genetic data. 1-800Accountant does not store this kind of data in our Salesforce instance.
As part of our commitment to our clients’ security, we are offering any client a complimentary one-year subscription to NordProtect identity-theft protection. For details or to request this service, please get in touch with our support team here: (link to case submission page).