In February 2024, Sharp Law identified unusual activity in an employee’s email account, prompting immediate action to secure the account and enlist computer forensic specialists for a comprehensive investigation. While the investigation did not definitively confirm whether any emails or attachments had been accessed, it established that an unauthorized user had access to the account from November 6, 2023, to February 19, 2024. This led Sharp Law to undertake a thorough review of the entire contents of the account, a process that concluded on June 21, 2024. After confirming last known address information for all individuals involved, the firm decided to notify those potentially affected as a precautionary measure.
The personal information at risk included names and Social Security numbers, raising concerns about potential identity theft and misuse. On or around August 16, 2024, Sharp Law began mailing notifications to approximately 3,350 individuals, including three residents of Maine. As part of the notification process, Sharp Law also provided instructions on safeguarding personal information and emphasized the importance of monitoring financial statements and credit reports for any signs of fraudulent activity. The firm encouraged individuals to report any suspicious actions to their financial institutions and law enforcement.
To further support the impacted individuals, especially those residing in Maine, Sharp Law offered 12 months of complimentary services through Kroll, which included credit monitoring, fraud consultation, and identity theft restoration. The notifications contained essential contact information for major consumer reporting bureaus and state-specific regulators, enabling recipients to take additional protective measures if deemed necessary. This proactive approach demonstrated Sharp Law’s commitment to assisting individuals in safeguarding their personal information.
Following the incident, Sharp Law took steps to enhance its security protocols, including resetting account passwords and implementing multi-factor authentication for email accounts. The firm also continued collaborating with data privacy and security experts to assess and strengthen existing data protection measures. In addition to notifying affected individuals, Sharp Law is reporting the incident to relevant state regulators, ensuring transparency and compliance with legal requirements. The firm aims to bolster its data security framework to prevent similar incidents in the future.
Reference:
