Law firm Wolf Haldenstein Adler Freeman & Herz LLP has notified more than 3.4 million people that a December 2023 data breach exposed their personal information.
With offices in New York, Chicago, San Diego, and Nashville, Wolf Haldenstein specializes in litigations, including securities class actions and shareholder derivative actions.
The New York-based law firm said it learned of the security breach after detecting suspicious activity on its network on December 13, 2023. It responded by taking steps to secure its network environment and launching an investigation with third-party cybersecurity experts to determine the nature and scope of the incident.
Wolf Haldenstein law firm data breach exposed sensitive information
On January 2, 2024, Wolf Haldenstein’s probe determined that an “unauthorized actor accessed certain files and data stored within its network.” The law firm also further investigated the incident to determine the nature of the compromised information and to whom it relates.
Subsequently, it determined that the data breach leaked the victims’ names, social security numbers, employee identification numbers, medical diagnoses, and medical claim information.
According to a data breach notification filed with the Office of the Maine Attorney General, the incident affected 3,445,537 people, including 3,220 Maine residents.
A separate data breach notification filed with the Texas Attorney General’s office disclosed that 327,516 residents of the Lone Star state were impacted. The Attorney General of Vermont has also been notified. However, the law firm did not state whether the leaked information pertains to its employees or clients.
On December 3, 2024, the law firm identified some affected victims but could not determine their addresses to properly notify them of the data breach, leaving them exposed for nearly a year.
“On December 3, 2024, Wolf Haldenstein identified a subset of potentially affected persons but Wolf Haldenstein was unable to locate address information to provide direct notice to the subset of potentially impacted individuals,” the law firm stated.
Meanwhile, Wolf Haldenstein says it has enhanced its data privacy policies and procedures to prevent a similar data breach in the future. The law firm also offered complimentary credit monitoring to protect data breach victims from fraud.
However, the law firm says there is no evidence that the stolen information has been misused for nefarious purposes.
“While we have no evidence that any personal information has been misused, we are notifying you and providing information and resources to help protect your personal information,” Wolf Haldenstein stated.
Similarly, the malicious actor behind the Wolf Haldenstein data breach remains unknown. The law firm has also not confirmed receiving ransom demands to prevent the stolen information from being published online.
Nonetheless, victims should remain vigilant by reviewing their account statements and monitoring their credit reports. They can also place fraud alerts to prevent cybercriminals from using their leaked personal information to open credit lines.
They can also place a free “credit freeze” to force credit bureaus to seek authorization before releasing their credit reports, which are necessary for taking out loans.
Law firms are frequently the target of data breaches. In 2023, Orrick, Herrington & Sutcliffe suffered a data breach that affected 638,000 people, resulting in an $8 million lawsuit settlement.
Still in 2023, data breach law firm Thompson Coburn also suffered a cyber attack that exposed 305,000 individuals.
