Cyber Incident Victim: Disability Help Group

On June 16, 2022, Disability Help Group, a Florida-based advocacy service assisting individuals with Social Security and veterans’ disability benefits, experienced a ransomware attack that encrypted its files. The attackers, operating under a well-known ransomware operation, later claimed responsibility and listed the organization on their dedicated leak site by July 20, 2022. The leak site entry included Disability Help Group’s URL and referenced LaVan & Neidenberg, a law firm connected to the organization through attorney Adam Neidenberg, whose name appeared on client documentation despite the site’s disclaimer that it was not a law firm. The ransomware group published a “proof pack” containing extensive client case files from 2020–2022, each comprising 600 to over 1,300 pages of sensitive records. These files included full names, occupational histories, medical evaluations, and other personally identifiable information used to determine eligibility for disability benefits.

The proof pack represented only a portion of the data exfiltrated, according to the attackers, who did not disclose the total volume of stolen information or a timeline for further leaks. Analysis by DataBreaches.net confirmed the presence of hundreds of case files in the leaked material, exposing detailed personal and medical histories of thousands of individuals. Disability Help Group did not respond to a request for comment from DataBreaches.net on August 3, 2022, regarding the breach or the leak. No public statements from the organization about client notifications, remediation efforts, or system recovery were documented in the available source material. The incident left unresolved questions about the full scope of compromised data and whether affected clients were informed of the exposure of their sensitive records.