Six Attorneys. One Phishing Email. A Class Action.
What Happened
On March 9, 2024, Wacks Law Group, a six-attorney estate planning firm in Whippany, New Jersey, discovered suspicious activity on its network. The Qilin ransomware group soon claimed responsibility, announcing on its dark web leak site that it had stolen and encrypted client data. The exposed information included names, Social Security numbers, driver’s license numbers, confidential documents, and non-disclosure agreements. The firm did not notify affected clients until August, roughly five months later. That delay became the centerpiece of a class-action lawsuit alleging the gap gave criminals a head start on the stolen data.
Where It Went Wrong
The belief that only large firms get attacked is one of the most expensive myths in professional services. A six-person practice holds the same confidential client data as a national firm, often with none of the monitoring. The breach was damaging. The slow, undocumented response made it worse.
How Red Door Shield Stops This
Keep what's valuable secure
Endpoint protection and isolated backups contain a phishing click before it becomes firm-wide encryption, and keep privileged client files recoverable.
Inspect what's coming in
Email security and 24/7 monitoring catch the phishing message and the intrusion that follows it, at the gate rather than after the leak.
Trust through validation
A tested incident-response plan and audit-ready records mean notification is prompt and defensible, protecting both clients and the firm’s standing with the bar.
The Takeaway
For a small firm, client confidentiality is the practice. Enterprise-grade monitoring is no longer a big-firm luxury. It is the difference between a contained incident and a lawsuit with the firm’s name on it.
Related Case Studies
When Tax Season Becomes Open Season
In April 2024, Legacy Professionals LLP, an accounting firm based in Westchester, Illinois, just outside Chicago, was breached by the LockBit 3.0 ransomware group. Over two days, the attackers moved through the firm’s network and quietly copied files before anyone noticed. Those files held names, Social Security numbers, driver’s license numbers, and medical and health insurance details for 216,752 people. That August, the criminals published the stolen data on the dark web. The firm did not finish notifying affected individuals until early 2025, and it now faces class-action lawsuits over the breach and the delay.
38 Gigabytes of Tenant Trust, Gone in a Day
In December 2024, Tri County Property Management, based in Sandwich, Illinois, was breached, with attackers removing roughly 38 gigabytes of data from its systems. Property managers sit on exactly what criminals want: tenant Social Security numbers, bank account and payment records, lease files, and applicant background data. The same pattern played out at Income Property Management, where a single intrusion exposed driver’s licenses, Social Security numbers, dates of birth, medical details, and even passport numbers, and the firm did not notify affected people until more than a year later.
Don't wait to become a case study.
Find out exactly where your security stands today with our comprehensive, zero-pressure risk assessment.
Book Free Assessment