Cyber Incident Victim: DocketWise
Date:
Oct 2025
Location:
United States of America
Summary
DocketWise disclosed that threat actors cloned third‑party partner repositories using valid credentials, gaining access to a wide range of personal data including names, addresses, dates of birth, Social Security numbers, driver’s license and passport numbers, financial account and payment card details, tax identification numbers, health insurance policy numbers, medical condition information and non‑financial account usernames. The unauthorized access has been closed and there is no evidence that the data was published online. Initial notices indicated about 116,000 affected individuals, while a later filing raised the estimate to roughly 143,000, with the possibility of further changes as the investigation continues. The company is providing two years of complimentary credit monitoring and identity restoration services to those impacted.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 0 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
DocketWise discovered the breach in October 2025 after detecting that threat actors had cloned third‑party partner repositories using valid credentials. Those cloned repositories were being used as a data migration pipeline for the DocketWise application, which stores law firm records containing a wide range of personal information. The unauthorized access exposed personally identifiable information such as names, addresses, dates of birth, Social Security numbers, driver’s license numbers, passport and government ID numbers. In addition, financial account numbers, payment card details, tax identification numbers, health insurance policy numbers, and medical condition information were accessed, along with non‑financial account usernames and access information. The company determined that the intrusion had been contained and that there was no evidence of the compromised data being published online.

Notification efforts began in early April 2026, initially informing approximately 116,000 individuals that their data had been affected. A subsequent filing with the Maine Attorney General’s Office revised the total number of impacted persons to 143,480, noting that the figure could increase as the investigation continued. The breach was formally disclosed to the Maine Attorney General on April 3, 2026, with 13 Maine residents identified among those affected. DocketWise sent written notices to consumers on the same date and posted breach details on its website. Affected individuals were offered two years of free credit monitoring and identity restoration services through IDX, with enrollment possible via a dedicated IDX enrollment page using a code provided in the notification letter or by calling 1‑844‑890‑7449 Monday through Friday from 9 a.m. to 9 p.m. Eastern Time, excluding U.S. holidays. The enrollment deadline was set for July 3, 2026, and a dedicated assistance line was available for those who did not receive a notification letter but believed they might have been impacted.
In response to the incident, DocketWise confirmed that the unauthorized access had been closed and reiterated that no published data had been observed. The company emphasized its commitment to mitigating harm by providing the credit monitoring and identity restoration services at no cost to affected individuals for the specified 24‑month period. Throughout the notification period, the organization maintained communication channels to answer questions and assist with enrollment, aiming to ensure that those whose information was exposed could access the offered protections. The breach highlighted the risks associated with third‑party repository access and underscored the importance of monitoring credential usage within partner environments.
