Cyber Incident Victim: Sax LLP
Date:
Aug 2024
Location:
—
Summary
A cybersecurity breach at Sax LLP occurred following suspicious network activity, leading to unauthorized access by cybercriminals who exploited inadequate security measures. The incident potentially compromised sensitive personal data of approximately 228,876 individuals, including names, birth dates, Social Security numbers, driver’s license details, government IDs, and passport information, exposing affected parties to risks such as identity theft and illicit data sales. The compromised information may have been acquired by threat actors capable of exploiting it for fraudulent activities or dark web distribution. Legal investigations into potential class action claims are underway due to the exposure of highly confidential personal details.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On August 7, 2024, Sax LLP detected suspicious activity on its computer network, prompting an internal investigation into a potential security incident. Forensic analysis confirmed unauthorized access by cybercriminals who exploited inadequate network security measures to infiltrate systems. The attackers gained access to files containing sensitive personal information during their intrusion. Sax LLP's investigation concluded that 228,876 individuals had their confidential data potentially accessed or acquired during the breach. The compromised information included full names, dates of birth, and government-issued identification details. Social Security numbers, driver's license numbers, and passport information were among the exposed data categories. Sax LLP did not publicly disclose the specific duration of unauthorized access or the exact methods used by attackers to compromise their network.
The data breach exposed victims to significant risks of identity theft and financial fraud, as cybercriminals could exploit the stolen information or sell it on dark web markets. Murphy Law Firm announced its investigation into potential legal claims on December 26, 2025, nearly seventeen months after the breach discovery. The firm began evaluating grounds for a class action lawsuit to seek damages for affected individuals. Impacted parties were identified through direct breach notifications from Sax LLP, though the company did not disclose when these notifications occurred. No information was provided regarding Sax LLP's containment measures, system remediation efforts, or whether ransomware or extortion demands were involved. The forensic investigation confirmed the breach's scope but did not reveal whether data was actually exfiltrated or merely accessed.