Wolf Haldenstein law firm says 3.5 million impacted by data breach

Wolf Haldenstein Adler Freeman & Herz LLP ("Wolf Haldenstein") reports it has suffered a data breach that exposed the personal information of nearly 3.5 million individuals to hackers.

The incident took place on December 13, 2023, but the firm says data analysis and digital forensic complications severely delayed the completion of its investigation.

Last Friday, Wolf Haldenstein published a data breach notice on its website, while an entry on Maine AG's data breach portal sets the total number of persons affected by it to 3,445,537.

Although this number was determined on December 3, 2024, the firm has been unable to locate contact information for many impacted people, so notices aren't being sent yet.

WolfHaldenstein is an American law firm founded in 1888 that operates multiple offices across the United States, including in New York, Chicago, San Diego, and Nashville.

According to the recent disclosure, Wolf Haldenstein suffered a late 2023 data breach where hackers accessed confidential information stored on its servers.

"On December 13, 2023, Wolf Haldenstein detected suspicious activity in its network environment," reads the announcement.

"As a result of the investigation, Wolf Haldenstein learned that an unauthorized actor accessed certain files and data stored within its network," also mentions the firm.

Although the law firm says it has no evidence the exposed data has been misused, it warns impacted individuals that hackers may be holding the following information about them:

Exposure of this data steeply increases the risk of phishing, scams, social engineering, and other targeted attacks on impacted individuals.

The situation was only worsened by the firm's slow progress in determining who was impacted and the delay in making this public.

"Wolf Haldenstein [...] undertook a time-consuming and detailed review of the data stored on the servers at the time of this incident to understand to whom that data relates," explains the firm.

"On December 3, 2024, Wolf Haldenstein identified a subset of potentially affected persons, but Wolf Haldenstein was unable to locate address information to provide direct notice to the subset of potentially impacted individuals."

Despite the lack of ability to directly reach impacted individuals, complementary credit monitoring coverage will be offered to those who believe they are impacted.

Wolf Haldenstein also encourages individuals to remain vigilant against unsolicited communications and suspicious activity on their accounts and consider placing a fraud alert or a security freeze.

The firm does not explicitly state whether the exposed data belonged to clients, employees, or other individuals who had their information stored on its servers. If you did business with them, it would be prudent to call them and ask how this incident impacts you.

BleepingComputer has also reached out to Wolf Haldenstein with a similar request, and we will update this post as soon as we receive a response.