Accounting Firm Hallisey & D’Agostino Faces Class Action Investigation Over Data Breach Impacting 16,683

**TL;DR** A class action law firm is investigating a data breach at public accounting firm Hallisey & D’Agostino, which exposed personal data of 16,683 individuals after unauthorized network access between late September and late October 2025.

Public accounting firm Hallisey & D’Agostino, LLP, based in Wethersfield, Connecticut, is facing an investigation by class action attorneys following a significant data breach. The firm detected unusual network activity on October 21, 2025, initiating an immediate response to secure its systems and launch an investigation.

The forensic review, conducted with external cybersecurity experts, revealed an unauthorized actor had gained access to the firm's network. This access occurred between September 28, 2025, and October 22, 2025. The investigation concluded that certain files containing personal information may have been acquired during this intrusion.

Impact of the breach is substantial, affecting 16,683 individuals nationwide. Among these, 74 individuals are located in Maine. The firm completed its comprehensive data review on March 19, 2026, subsequently issuing written notifications to affected parties on April 17, 2026.

What It Means

This incident highlights the critical security challenges faced by firms handling sensitive client data, even those with smaller operational footprints. Law firm Shamis & Gentile P.A., specializing in data breach litigation, has commenced an investigation into Hallisey & D’Agostino's breach for a potential class action lawsuit. Such legal action typically seeks compensation for individuals whose sensitive personally identifiable information (PII) was exposed, potentially leading to identity theft or financial fraud.

What Defenders Should Do

Organizations must proactively implement robust cybersecurity measures to mitigate similar risks. Essential steps include enforcing multi-factor authentication (MFA) across all accounts and network access points, significantly reducing unauthorized entry vectors.

Regular security awareness training for all employees is crucial, focusing on identifying phishing attempts and practicing strong password hygiene. Furthermore, maintaining an up-to-date patch management program to address known vulnerabilities and implementing network segmentation can limit the lateral movement of threat actors should an initial breach occur. Engaging third-party cybersecurity auditors for regular assessments strengthens an organization's defensive posture.

Watch for developments in the class action investigation, which will further shape accountability standards for data custodians and potentially influence cybersecurity best practices across professional services sectors.