Law firm Wolf Haldenstein Adler Freeman & Herz LLP is notifying more than 3.4 million individuals that their personal information was compromised in a December 2023 data breach.
According to the firm, it discovered the incident after detecting suspicious activity on its network. Its investigation revealed that a threat actor accessed certain files and data stored within the network, including personal information.
“On December 3, 2024, Wolf Haldenstein identified a subset of potentially affected persons but Wolf Haldenstein was unable to locate address information to provide direct notice to the subset of potentially impacted individuals,” the law firm said in an incident notice on its website.
The potentially compromised information includes names, Social Security numbers, employee identification numbers, and medical information such as diagnosis and medical claim details.
“While we have no evidence that any personal information has been misused, we are notifying you and providing information and resources to help protect your personal information,” Wolf Haldenstein said.
This week, the law firm told the Maine Attorney General’s Office that the personal information of more than 3.4 million individuals was compromised in the incident. Wolf Haldenstein is providing the impacted individuals with free credit monitoring services.
What Wolf Haldenstein did not reveal was the type of cyberattack it fell victim to, whether any threat actor attempted to extort it, and who the compromised information belongs to.
SecurityWeek has emailed the law firm for clarification on the matter and will update this article as soon as a reply arrives.
Founded in 1888, Wolf Haldenstein is a recognized legal services firm in the US, with offices in New York, Chicago, San Diego, and Nashville. The firm has expertise in complex litigations, including securities class actions, shareholder derivative actions, and transactional cases.
Related: 380,000 Impacted by Data Breach at Cannabis Retailer Stiiizy
Related: 2024 US Healthcare Data Breaches: 585 Incidents, 180 Million Compromised User Records
Related: US Charges Swiss ‘Hacktivist’ for Data Theft and Leaks
