Security Affairs
Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Prominent US law firm Wolf Haldenstein disclosed a data breach

The law firm Wolf Haldenstein disclosed a data breach that exposed the personal information of nearly 3.5 million individuals. The law firm Wolf Haldenstein disclosed a 2023 data breach that exposed the personal information of nearly 3.5 million individuals. Wolf Haldenstein Adler Freeman & Herz LLP is a prominent U.S.-based law firm that specializes in […]

Xsolis

The law firm Wolf Haldenstein disclosed a data breach that exposed the personal information of nearly 3.5 million individuals.

The law firm Wolf Haldenstein disclosed a 2023 data breach that exposed the personal information of nearly 3.5 million individuals.

Wolf Haldenstein Adler Freeman & Herz LLP is a prominent U.S.-based law firm that specializes in complex class action litigation. Its expertise spans securities litigation, addressing corporate fraud and misrepresentation; antitrust law, targeting anti-competitive practices; consumer protection, focusing on deceptive practices and product liability; data privacy and cybersecurity, dealing with breaches and unauthorized data collection; and shareholder derivative actions, advocating for shareholders against corporate mismanagement.

The security breach occurred on December 13, 2023, but the company discovered the incident only on April 18, 2024, and has only now disclosed it due to the complexity of the digital forensic investigation.

“On December 13, 2023, Wolf Haldenstein detected suspicious activity in its network environment. Upon discovery of this incident, Wolf Haldenstein promptly took steps to secure its network and engaged a specialized cybersecurity firm to investigate the nature and scope of the incident. As a result of the investigation, Wolf Haldenstein learned that an unauthorized actor accessed certain files and data stored within its network. Wolf Haldenstein also conducted an examination of its systems and networks using all information available to determine the potential impact and the security of data housed on its servers.” reads the notice published by the company on its website.

“Wolf Haldenstein subsequently undertook a time-consuming and detailed review of the data stored on the servers at the time of this incident to understand to whom that data relates.”

On December 3, 2024, the law firm identified potentially affected individuals but lacked address information to notify them directly.

The threat actors may have had access to name, Social Security number, employee identification number, medical diagnosis, and medical claim information of impacted individuals.

The law firm pointed out that it has no evidence the exposed data has been misused.

The law firm recommends individuals to monitor accounts and credit reports for identity theft or fraud. U.S. law allows one free credit report annually from each major bureau. Customers can also place free fraud alerts on their credit files, requiring businesses to verify identity before extending credit. Victims of identity theft are eligible for a seven-year extended fraud alert.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, data breach)