Kansas law firm notifies 152K people of data breach that compromised SSNs, finances

Kansas law firm Berman & Rabin yesterday confirmed it notified 151,944 people about a July 2024 data breach that compromised Social Security numbers and financial account info.

Attackers first breached the firm on July 5, 2024, but the firm didn’t discover the breach until October 8, 2024, according to a disclosure submitted to the Maine attorney general.

“It was determined that an unknown actor gained access to certain systems between July 5, 2024, and July 8, 2024, and may have accessed or acquired information from these systems,” says Berman & Rabin’s notice to victims.

No cybercriminal group has publicly claimed responsibility for the attack as of time of writing.

We do not know if Berman & Rabin paid a ransom or how attackers breached its network. Comparitech contacted the firm for comment and will update this article if it replies.

Berman & Rabin is offering victims free credit monitoring via IDX. The enrollment deadline is April 23, 2025.

Ransomware attacks on US law firms

Ransomware attacks on US law firms can jeopardize sensitive client data and lock down computer systems used for everything from file storage to communication and payroll. If a firm doesn’t pay the ransom, the attack can cause costly delays and downtime while putting clients at risk of fraud.

This attack on Berman & Rabin was the largest confirmed ransomware attack on a US law firm in 2024. That year, Comparitech researchers logged 15 confirmed ransomware attacks on US law firms. That’s a significant decline from 2023, which saw 41 such attacks.

Two other law firms have started issuing data breach notifications this month: Kotz Sangster Wysocki P.C. and Phillip V. Keenan P.C. dba Ambler Keenan Mitchell Johnson. Ransomware gang LeakedData claimed responsibility for the attack on Kotz in December 2024, and Ambler suffered an attack from an unknown attacker in October 2024 for which it notified 4,863 people.

About Berman & Rabin

Based in Overland Park, Kansas, Berman & Rabin is a private attorney specializing in creditor representation. The firm also owns and operates LegalStream, an attorney network for collecting debts and outsourcing litigation in states where Berman & Rabin doesn’t handle its own legal operations.