Industry - Data Breach
Executive Summary
In September 2024, immigration case management platform DocketWise suffered a data breach when unauthorized actors used valid credentials to access repositories containing unstructured client data from multiple law firms, affecting 116,666 individuals. The exposed information varied by person but could include Social Security numbers, passport details, financial account information, medical records, and other sensitive personal data belonging to immigration law firm clients. The breach is par...
What Happened
In September 2024, unauthorized actors used valid credentials to access third-party repositories connected to DocketWise, an immigration case management platform used by law firms. The breach exposed unstructured client data from multiple immigration law firms, affecting 116,666 individuals. DocketWise discovered the compromise in October 2024, engaged cybersecurity experts, and began notifying affected parties in April 2025.
Who Is Affected
The breach affected 116,666 clients of immigration law firms that use DocketWise for case management. Exposed information varied by individual but could include Social Security numbers, passport and driver's license details, financial account credentials, medical records, health insurance policy numbers, and other highly sensitive personal data. At least five law firms had their client data compromised, with notifications sent to residents across multiple states including Maine.
Why It Matters
This breach is particularly concerning because it targets immigration clients whose sensitive documents - including government IDs, financial records, and medical information - are now in the hands of unauthorized actors at a time of heightened immigration enforcement. The incident demonstrates how third-party case management systems create concentrated risk, allowing a single credential compromise to expose data from multiple law firms and tens of thousands of clients. While DocketWise reports no evidence of data publication or extortion, the fate of this data tranche remains unknown, creating ongoing risk for affected individuals.
What You Should Do
If you are or were a client of an immigration law firm using DocketWise, monitor all financial accounts and credit reports closely for unauthorized activity and consider placing a credit freeze with major bureaus. Change passwords and enable multi-factor authentication on any accounts whose credentials may have been stored in your immigration files. Watch for phishing attempts or scams targeting you with knowledge of your immigration status or personal details. Contact the law firm that handled your case to confirm whether your data was affected and what specific information was exposed.
AI-Assisted
Event summaries are generated by Claude AI from verified sources and reviewed by humans before publication.
Sources
- Two data security incidents affected immigration law firms and their clients
- Healthcare data breach hits system storing patient records - Kurt the CyberGuy
- Charles River Insurance Data Breach Confirmed; Lawyers Investigating - ClassAction.org
- Baltimore Medical System Data Breach Exposes SSNs, Lawsuit Possible - ClassAction.org
- Privacy Watchdog to Inspect Call Centers After Delivery App Data Breach - Seoul Economic Daily
- Coupang Payment Volume Rebounds After Data Breach - Businesskorea