Digital WarRoom suffered a ransomware attack executed by the **SAFEPAY** group, leading to unauthorized access and exfiltration of **500 GB of sensitive organizational data**, including **Social Security numbers (SSNs)**. The breach was first detected around **May 13, 2025**, but was only disclosed to the **Massachusetts Attorney General** on **October 24, 2025**, after the ransomware group publicized the theft on a dark web forum in **June 2025**. The exposed SSNs pose severe risks of **identity theft, financial fraud, and long-term reputational damage** to affected individuals. In response, Digital WarRoom conducted a forensic investigation, secured its IT infrastructure, and notified impacted parties, offering **24 months of free credit monitoring and identity restoration services** via Epiq. The company also engaged federal law enforcement and advised victims to monitor financial accounts, place fraud alerts, and consider credit freezes. The breach underscores critical vulnerabilities in data protection, with potential legal and regulatory repercussions due to the delayed disclosure and the highly sensitive nature of the compromised information.
Source: https://www.claimdepot.com/data-breach/digital-warroom-2025
TPRM report: https://www.rankiteo.com/company/digital-warroom
"id": "dig1092910102425",
"linkid": "digital-warroom",
"type": "Ransomware",
"date": "5/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'industry': 'legal services / technology',
'location': 'Bainbridge Island, WA, USA',
'name': 'Digital WarRoom (Gallivan, Gallivan and '
"O'Melia LLC)",
'type': 'law firm / eDiscovery software provider'}],
'attack_vector': 'unauthorized network access',
'customer_advisories': {'contact_mail': 'P.O. Box 10340, Bainbridge Island, '
'WA 98110',
'contact_phone': '206-798-5350 (Mon-Fri, 9 a.m. to 5 '
'p.m. ET)',
'services_offered': ['24 months of credit monitoring',
'identity restoration services']},
'data_breach': {'data_exfiltration': True,
'personally_identifiable_information': True,
'sensitivity_of_data': 'high (PII including SSNs)',
'type_of_data_compromised': ['Social Security numbers',
'organizational data']},
'date_publicly_disclosed': '2025-10-24',
'description': "Gallivan, Gallivan and O'Melia LLC, operating as Digital "
'WarRoom, experienced a data breach exposing sensitive '
'personal information, including Social Security numbers. The '
'breach originated from unauthorized access to their IT '
'network, leading to data copying by an external actor. The '
'ransomware group SAFEPAY claimed responsibility, stating they '
'obtained 500 GB of organizational data. The incident was '
'reported to the Massachusetts Attorney General and involved '
'data exfiltration and potential identity theft risks.',
'impact': {'brand_reputation_impact': 'high (due to exposure of sensitive '
'PII)',
'data_compromised': ['Social Security numbers',
'500 GB of organizational data'],
'identity_theft_risk': 'high (Social Security numbers exposed)',
'systems_affected': ['IT network']},
'initial_access_broker': {'data_sold_on_dark_web': True,
'high_value_targets': ['IT network',
'sensitive PII (SSNs)']},
'investigation_status': 'forensic investigation initiated; ongoing '
'remediation',
'motivation': ['financial gain', 'data theft'],
'post_incident_analysis': {'corrective_actions': ['securing IT environment',
'customer notification',
'credit monitoring '
'services']},
'ransomware': {'data_exfiltration': True, 'ransomware_strain': 'SAFEPAY'},
'recommendations': ['Enroll in 24 months of complimentary credit monitoring '
'and identity restoration services (via Epiq).',
'Review account statements and monitor credit reports '
'regularly.',
'Consider placing fraud alerts or credit freezes with '
'major credit bureaus.',
'Remain vigilant for signs of identity theft or fraud.'],
'references': [{'source': 'Massachusetts Attorney General Office Disclosure'},
{'date_accessed': '2025-06-03',
'source': 'SAFEPAY Dark Web Forum Post'},
{'source': 'Digital WarRoom Customer Notice'}],
'regulatory_compliance': {'regulatory_notifications': ['Massachusetts '
'Attorney General',
'federal law '
'enforcement']},
'response': {'communication_strategy': ['direct notice to affected '
'individuals',
'public disclosure to Massachusetts '
'Attorney General',
'customer support contact '
'(phone/mail)'],
'containment_measures': ['securing IT environment'],
'incident_response_plan_activated': True,
'law_enforcement_notified': True,
'remediation_measures': ['identifying affected data',
'notifying customers and individuals'],
'third_party_assistance': ['forensic investigation team',
'Epiq (credit monitoring services)']},
'threat_actor': 'SAFEPAY (ransomware group)',
'title': 'Data Breach at Digital WarRoom Involving Ransomware and '
'Exfiltration of Sensitive Personal Information',
'type': ['data breach', 'ransomware attack', 'unauthorized access']}