Live disclosure tracker · updated continuously

Law Firm Data Breaches

Law firms hold the most sensitive corporate data outside the client itself — M&A, IP, litigation, settlements. They are systematically targeted by both criminal and state actors. Below is every law-firm breach LeakTrace has indexed.

98B+

Records Exposed

77

Incidents

94+

Countries

+104%

Breach Velocity YoY

View Live Map → Run Free Exposure Scan RSS

Browse by sector

All breaches Healthcare Finance Government Technology Retail Education Legal

Browse by year

Law Firm Data Breaches (77 indexed)

medium · legal · Apr 24, 2026

In Other News

Other noteworthy stories that might have slipped under the radar: Supreme Court hacker sentenced, Lovable exposed user data, Google expands enterprise security. The post In Other News: Unauthorized Mythos Access, Planke

View incident → Original disclosure Indexed 1 week, 1 day ago

medium · legal · Apr 10, 2026

Silent Ransom Group

Jones Day wasn’t the only big law firm to recently fall prey to threat actors variously known as Silent Ransom Group, Luna Moth, Chatty Spider, or UNC3753. DataBreaches will refer to them as the Silent Ransom Group

View incident → Original disclosure Indexed 3 weeks, 1 day ago

high · legal · Mar 27, 2026

LexisNexis Legal & Professional

Customer metadata and business information accessed

View incident → Indexed 1 month ago

high · legal · Mar 14, 2026

Norton Rose Fulbright (Canada)

85K client records from Canadian offices exposed via supply chain compromise

View incident → Original disclosure Indexed 1 month, 2 weeks ago

critical · legal · Mar 3, 2026

LexisNexis (Government Legal Data)

Federal judges, DOJ attorneys, SEC staff data accessed — 118 .gov accounts compromised

View incident → Original disclosure Indexed 1 month, 4 weeks ago

high · legal · Mar 1, 2026

Freshfields Bruckhaus

340K transaction records compromised

View incident → Original disclosure Indexed 2 months ago

high · legal · Feb 25, 2026

VIQ Solutions (Court Transcripts)

Legal transcription vendor breach — sensitive court proceedings compromised via subcontractor

View incident → Original disclosure Indexed 2 months, 1 week ago

critical · legal · Feb 18, 2026

Hogan Lovells International LLP

510K cross-border dispute records exposed via compromised document review platform

View incident → Original disclosure Indexed 2 months, 2 weeks ago

medium · legal · Feb 10, 2026

Gowling WLG

210K client records compromised via vendor

View incident → Original disclosure Indexed 2 months, 3 weeks ago

high · legal · Feb 5, 2026

Baker McKenzie

120K client records from 47 offices worldwide exposed via compromised email gateway

View incident → Original disclosure Indexed 2 months, 3 weeks ago

high · legal · Feb 5, 2026

Weil Gotshal & Manges

280K restructuring records stolen

View incident → Original disclosure Indexed 2 months, 3 weeks ago

high · legal · Feb 5, 2026

Allen & Overy

290K client records exposed in LockBit ransomware attack

View incident → Original disclosure Indexed 2 months, 3 weeks ago

critical · legal · Jan 12, 2026

Kirkland & Ellis LLP

Client M&A deal documents and litigation files exposed via compromised document management system

View incident → Original disclosure Indexed 3 months, 2 weeks ago

high · legal · Dec 5, 2025

Gibson Dunn & Crutcher LLP

280K antitrust investigation records exposed via phishing attack on senior associates

View incident → Original disclosure Indexed 4 months, 3 weeks ago

high · legal · Dec 1, 2025

Baker & Hostetler (Law Firm Sector)

Law firm cyberattacks nearly doubled in 2025 — average breach cost $5.08M

View incident → Original disclosure Indexed 5 months ago

high · legal · Dec 1, 2025

Blake Cassels & Graydon

340K client records stolen in ransomware

View incident → Original disclosure Indexed 5 months ago

medium · legal · Dec 1, 2025

White & Case

180K client records compromised

View incident → Original disclosure Indexed 5 months ago

medium · legal · Nov 1, 2025

Sullivan & Cromwell

210K M&A deal records exposed

View incident → Original disclosure Indexed 6 months ago

medium · legal · Nov 1, 2025

Cassels Brock (Canada)

180K client records exposed

View incident → Original disclosure Indexed 6 months ago

high · legal · Oct 20, 2025

Skadden Arps Slate Meagher & Flom

350K M&A deal records exposed via compromised secure file sharing platform

View incident → Original disclosure Indexed 6 months, 1 week ago

high · legal · Sep 5, 2025

Skadden Arps

210K M&A deal records exposed in targeted attack

View incident → Original disclosure Indexed 7 months, 3 weeks ago

high · legal · Aug 15, 2025

Sidley Austin LLP

480K client records from regulatory investigations exposed via ransomware attack

View incident → Original disclosure Indexed 8 months, 2 weeks ago

high · legal · Aug 5, 2025

Paul Weiss Rifkind

340K client records compromised

View incident → Original disclosure Indexed 8 months, 3 weeks ago

medium · legal · Aug 5, 2025

Osler Hoskin & Harcourt

180K M&A deal records exposed

View incident → Original disclosure Indexed 8 months, 3 weeks ago