Edwards, Faust & Smith Data Breach Lawsuit Investigation
Received an April 2026 breach notice from Edwards, Faust & Smith?
Dapeer Law, P.A. is investigating a potential class action against Edwards, Faust & Smith, a Maine-based accounting and tax firm, on behalf of clients whose tax and financial records may have been exposed in the April 2026 phishing incident.
Who may qualify
You may be eligible to participate in a class action if any of the following applies:
- You received a data breach notification letter from Edwards, Faust & Smith dated April 2026.
- You received written notice from Edwards, Faust & Smith dated on or around May 27, 2026.
- You had tax, financial, or identity information held by Edwards, Faust & Smith in its capacity as your accountant or tax preparer.
- No proof of harm required to consult with counsel. You do not need to have already suffered identity theft to explore your legal options.
- Excluded: individuals who did not receive a breach notice and whose information was not involved in the incident.
Not sure if you qualify?
Send us your notice, we'll confirm your eligibility at no cost.
What happened
According to a notice filed with the Maine Attorney General, Edwards, Faust & Smith ("EFS") reported that on April 30, 2026 its outside IT provider discovered unauthorized activity inside the firm's computer network. The firm's investigation determined that threat actors had launched a phishing email disguised as a message from a prospective client, which compromised one workstation and a remote server.
EFS states that it isolated the affected server immediately and, by May 5, 2026, confirmed that the unauthorized activity had been mitigated. The firm disclosed the incident to the Maine Attorney General on May 27, 2026 and mailed notice letters to affected individuals the same month. The public filing does not state how many people were affected, and the notice does not indicate that complimentary credit monitoring is being offered.
Because EFS is an accounting and tax practice, the categories of information it holds are especially sensitive. The notice indicates that names, Social Security or taxpayer identification numbers, dates of birth, tax return information and IRS transcripts, financial account numbers and statements, government-issued identification, and other client documents may have been involved. Exposure of this combination of data can heighten the risk of fraudulent tax filings and identity theft, which is why the firm urges recipients to obtain an IRS Identity Protection PIN.
What to do if you received a letter
Keep your notice letter
Do not discard it. Your letter documents that your information was involved and is important evidence if you decide to participate in a lawsuit.
Obtain an IRS Identity Protection PIN (IP PIN)
The breach notice did not offer complimentary credit monitoring. Instead, the firm recommends obtaining an IRS Identity Protection PIN (IP PIN), a six-digit number that helps prevent someone from filing a fraudulent tax return in your name. You can start the process at irs.gov. Taking these steps does not waive your right to pursue legal action.
Place a fraud alert or credit freeze
Contact Equifax, Experian, and TransUnion to place a fraud alert or freeze on your file. Request a free weekly credit report from AnnualCreditReport.com, and use the FTC's IdentityTheft.gov recovery guide. Because tax data was involved, also watch for IRS notices about returns you did not file and any rejection of an e-filed return as a possible sign of tax fraud.
Speak with a data breach attorney
Consultations with Dapeer Law are free and confidential. We'll review your notice, explain your options, and advise whether you may be eligible to join a class action.
Submit your notice for a free review
Two minutes online. A licensed attorney reviews every submission.
Breach timeline
Compensation you may be entitled to
Out-of-pocket expenses
Credit freezes, identity restoration services, and other costs incurred responding to the breach.
Time spent monitoring
Hours spent reviewing accounts, disputing fraudulent charges, and dealing with identity theft issues.
Identity theft & fraud losses
Unreimbursed funds stolen from accounts, unauthorized credit lines, or tax refund fraud tied to the breach.
Statutory damages
Certain state data breach and consumer protection statutes provide for fixed damages regardless of actual loss.
Injunctive relief
Court orders requiring the firm to implement stronger data security practices going forward, including improved email and phishing safeguards.
Compensation categories depend on applicable state law, the types of data exposed, and documented losses. No recovery is guaranteed.
Common questions
I received a data breach letter from Edwards, Faust & Smith. What should I do? +
Keep your notice letter, obtain an IRS Identity Protection PIN (IP PIN) at irs.gov to help block fraudulent tax filings, place a fraud alert or security freeze with the credit bureaus, monitor your credit reports and financial accounts, and watch for IRS notices about returns you did not file. If you notice suspicious activity, report it and consider speaking with a data breach attorney.
Am I eligible to join a class action against Edwards, Faust & Smith? +
If you received a breach notice from Edwards, Faust & Smith, you may qualify to seek compensation. Eligibility is confirmed on a case-by-case basis and can depend on your state of residence, the categories of your data that were involved, and any losses or time you can document.
How much money could I receive from a class action lawsuit? +
Data breach class action recoveries vary significantly. Settlements typically range from a few hundred dollars for basic out-of-pocket losses to several thousand dollars for documented identity theft, with class size, damages, and negotiation all affecting the final amount. No payout is guaranteed, and this investigation has not yet resulted in a settlement.
What personal information was exposed in the breach? +
The notice indicates that potentially involved data includes names, Social Security or taxpayer identification numbers, dates of birth, tax return information and IRS transcripts, financial account numbers and statements, government-issued identification, and other client documents. Check your individual letter for the specifics that apply to you.
Did Edwards, Faust & Smith offer free credit monitoring? +
The breach notice does not state that complimentary credit monitoring is being offered. It instead recommends obtaining an IRS Identity Protection PIN (IP PIN) and provides additional identity-theft resources. Obtaining an IP PIN or monitoring your own credit does not waive your right to pursue a claim.
How many people were affected by the Edwards, Faust & Smith breach? +
The total number of affected individuals was not specified in the public Maine Attorney General filing. This page will be updated as more information becomes available.
Is there a deadline to take legal action? +
Yes. Statutes of limitations for data breach claims vary by state and legal theory, typically ranging from one to six years. Waiting can permanently bar your claim. Contact us as soon as possible for a free evaluation.
How do I get a copy of the official breach notice? +
The notice was filed with the Maine Attorney General and can be downloaded from the Maine AG data breach portal. Dapeer Law can also help you obtain a copy during a free consultation.
Sources & references
- Official breach notice filing · Maine Attorney General, Data Breach Notice (PDF)
- Company · Edwards, Faust & Smith (efscpa.com)
- Credit bureau freezes · Equifax · Experian · TransUnion
- Free weekly credit reports · AnnualCreditReport.com
- Identity theft recovery guide · FTC IdentityTheft.gov
Don't let the deadline decide for you. Submit your claim today.
You only have a limited window to act. Our team will review your notice, explain your options, and tell you whether you may be eligible to recover compensation, at no cost to you.
