Wiggin and Dana LLP

Wiggin and Dana LLP is a law firm headquartered in the United States of America. The nature of its operations, as a legal practice, inherently involves the handling of sensitive client information to provide professional services. The confirmed details of a 2021 security incident directly indicate the firm manages data types including names, dates of birth, Social Security numbers, financial account details, medical records, and government-issued identification numbers. This composition of data suggests the firm's client matters and transactional work routinely involve personal and financial information requiring a high duty of confidentiality, consistent with legal practice in areas such as corporate law, litigation, estate planning, or real estate where such identifiers are standard. The firm's operational scope is therefore centered on the provision of legal advice and representation, serving clients within the U.S. jurisdiction from its primary location.

On July 20, 2021, the firm experienced a ransomware attack that resulted in unauthorized access to its systems. The subsequent investigation, which included forensic specialists, could not definitively establish the full scope of data that was accessed or exfiltrated. However, the presence of the aforementioned sensitive data categories within the affected systems prompted the firm to initiate precautionary client notifications. This response was a direct consequence of the potential exposure of highly personal information, a significant concern for any entity entrusted with such data. The incident underscores the critical importance of cybersecurity for professional services firms that act as repositories for confidential client details. The firm engaged in an ongoing review of impacted systems to identify specifically which individual records may have been compromised, a process complicated by the nature of the attack and the volume of data stored. This event represents a material cybersecurity incident for the organization, highlighting the persistent threat of ransomware to the legal sector and the challenges in determining precise data breach scopes following such an intrusion.