Pierluigi Paganini
January 16, 2025
The law firm Wolf Haldenstein disclosed a 2023 data breach that exposed the personal information of nearly 3.5 million individuals.
Wolf Haldenstein Adler Freeman & Herz LLP is a prominent U.S.-based law firm that specializes in complex class action litigation. Its expertise spans securities litigation, addressing corporate fraud and misrepresentation; antitrust law, targeting anti-competitive practices; consumer protection, focusing on deceptive practices and product liability; data privacy and cybersecurity, dealing with breaches and unauthorized data collection; and shareholder derivative actions, advocating for shareholders against corporate mismanagement.
The security breach occurred on December 13, 2023, but the company discovered the incident only on April 18, 2024, and has only now disclosed it due to the complexity of the digital forensic investigation.
“On December 13, 2023, Wolf Haldenstein detected suspicious activity in its network environment. Upon discovery of this incident, Wolf Haldenstein promptly took steps to secure its network and engaged a specialized cybersecurity firm to investigate the nature and scope of the incident. As a result of the investigation, Wolf Haldenstein learned that an unauthorized actor accessed certain files and data stored within its network. Wolf Haldenstein also conducted an examination of its systems and networks using all information available to determine the potential impact and the security of data housed on its servers.” reads the notice published by the company on its website.
“Wolf Haldenstein subsequently undertook a time-consuming and detailed review of the data stored on the servers at the time of this incident to understand to whom that data relates.”
On December 3, 2024, the law firm identified potentially affected individuals but lacked address information to notify them directly.
The threat actors may have had access to name, Social Security number, employee identification number, medical diagnosis, and medical claim information of impacted individuals.
The law firm pointed out that it has no evidence the exposed data has been misused.
The law firm recommends individuals to monitor accounts and credit reports for identity theft or fraud. U.S. law allows one free credit report annually from each major bureau. Customers can also place free fraud alerts on their credit files, requiring businesses to verify identity before extending credit. Victims of identity theft are eligible for a seven-year extended fraud alert.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, data breach)
