Cyber Incident Victim: Sachs Sax Caplan, P.L.
Date:
Jan 2020
Location:
United States of America
Summary
A Florida law firm experienced unauthorized access to employee email accounts and internal systems, potentially compromising sensitive client and case-related information. Following an investigation with third-party specialists, the firm confirmed the breach but could not determine specific data accessed or exfiltrated. The exposed information may have included names, dates of birth, Social Security numbers, driver’s license details, financial account information, medical records, and electronic signatures. Despite no evidence of actual misuse, the firm notified affected individuals and offered complimentary credit monitoring services as a precautionary measure after reviewing contents within the compromised systems.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On February 26, 2020, Sachs Sax Caplan, P.L. (SSC), a Florida-based law firm, identified suspicious activity affecting certain internal systems. The firm promptly initiated an investigation with assistance from third-party forensic specialists to determine the incident's scope and secure its network. The investigation revealed that an unauthorized actor had accessed specific SSC systems and employee email accounts during January and February 2020. While SSC confirmed the unauthorized access occurred, forensic analysis could not definitively establish whether sensitive data within these systems was actually viewed or exfiltrated by the threat actor. The compromised systems and accounts contained information related to clients and individuals involved in legal matters handled by the firm. SSC undertook an extensive manual and programmatic review of affected systems to identify potentially exposed data types, though they remained unable to confirm which specific individuals' information was accessed.
More than a year after discovery, SSC issued a public notification on March 12, 2021, via press release, stating the disclosure was made "in an abundance of caution." The firm acknowledged the affected systems contained sensitive personal information including names, dates of birth, Social Security numbers, driver’s license or state ID numbers, payment card details, electronic signatures, financial account numbers, and medical or health-related data. SSC emphasized no evidence of actual or attempted misuse of compromised information had been detected. The notification did not specify the number of affected individuals but described the data exposure as varying per person. SSC established a dedicated call center to address inquiries and offered complimentary credit monitoring and identity theft protection services to potentially impacted parties, despite the lack of confirmed misuse. The firm’s response focused on transparency regarding the breach’s potential scope while underscoring the limitations of their forensic findings.