The more sensitive information on hand the better for hackers which is why the news that the U.S. law firm Wolf Haldenstein has been hit by a major data breach isn’t all that surprising.
As reported by BleepingComputer, the breach itself occurred back in December, though we’re just learning about it now. In fact, we reported on five separate data breaches that month including a massive healthcare breach that affected 6 million people as well as one at a background check company.
Unlike with your typical data breach where hackers go after large retailers or other consumer companies, this string of attacks targeted organizations storing much more sensitive info like healthcare data and Social Security numbers (SSNs). Infiltrating and breaching a law firm’s systems makes perfect sense too though, as the hackers responsible could use this stolen information for blackmail as well as in targeted phishing attacks.
With offices across the U.S. in New York, Chicago and other big cities, Wolf Haldenstein has revealed that the sensitive data of nearly 3.5 million individuals has been exposed as a result of this new breach. Here’s everything you need to know about this latest data breach along with some steps you can take to stay safe after a company you directly or even indirectly do business with suffers a similar fate.
Exposed but not yet misused
According to a data breach notification put out by Wolf Haldenstein, the law firm explained that it detected suspicious activity on its network in mid December of last year. From there, it took steps to secure its network and hired a cybersecurity firm to investigate the incident further.
Following this investigation, Wolf Haldenstein learned that an unauthorized threat actor accessed certain files and data stored within its network during this time frame. As of now, the law firm hasn’t seen any evidence that this stolen data is being misused online. However, while on its systems the threat actor or hackers behind the breach managed to obtain the following data on impacted individuals:
- Full names
- Dates of birth
- Social Security numbers (SSN)
- Addresses for the past two to five years
- Proof of current address (like a current utility bill)
- Photocopies of government issued IDs or driver’s licenses
- Copies of police reports, investigative reports or complaints to law enforcement
With all of this data in hand, the threat actor responsible for this breach could launch targeted phishing attacks against impacted individuals or use it for social engineering and other scams. Likewise, they might sell it to other hackers on the dark web to use in their own attacks.
Unfortunately for affected individuals, Wolf Haldenstein has run into difficulties determining who is actually impacted by this breach. This will make it harder to send out data breach notification letters to anyone caught up in the fallout.
How to stay safe after a data breach
Normally after a major breach like this, a company will offer free access to the best identity theft protection services, though some don’t. Wolf Haldenstein is taking the middle ground by providing impacted individuals with free credit monitoring but not identity theft protection. However, that could change.
In its data breach notification post, the law firm provides a phone number at the bottom that those who are concerned that their sensitive information may have been stolen can call for more details on how to set up this complimentary credit monitoring.
It’s also worth noting that at this time, we don’t know whether the exposed data belonged to clients, employees or other individuals connected to the firm. Regardless, if you think your data might have been compromised in this breach, you’re going to want to pay careful attention when checking your inbox going forward as all of that stolen info could easily be used to craft convincing phishing emails. At the same time, as addresses were exposed, you could also end up with suspicious letters in your actual mailbox.
Basically, you want to be very cautious with dealing with any communications — whether it be over email, text or social networks — for the time being. Don’t open any links, download attachments or even respond to any email or message that looks suspicious.
If you haven’t already, now would be a great time to invest in identity theft protection. You probably also want to make sure that you have the best antivirus software installed on your PC, the best Mac antivirus software installed on your Apple computer and one of the best Android antivirus apps on your phone if you don’t use an iPhone. All of these phishing emails and messages could contain malware and a good antivirus will help you stay protected from additional attacks.
We’ll update this story with more details on the affected individuals once we know more but until then, make sure you're practicing good cyber hygiene and being extra careful online and in the real world if you think you may be impacted by this breach.
More from Tom's Guide
