DocketWise Data Breach Exposes Sensitive Information of Over 116,000 Individuals
In October 2025, DocketWise a cloud-based immigration case management platform for law firms discovered that unauthorized actors had accessed credentials for one of its third-party partner repositories. The breach involved the cloning of repositories used in a data migration pipeline, exposing unstructured data belonging to DocketWise’s law firm clients and their customers.
An investigation confirmed that the compromised data included highly sensitive personally identifiable information (PII) such as names, Social Security numbers, dates of birth, driver’s license and passport numbers, financial account details, payment card information, medical records, and login credentials. In total, 116,666 individuals across the U.S. were affected, including 13 in Maine.
DocketWise began notifying impacted law firms and individuals on April 3, 2026, following a detailed review of the exposed data. The incident has prompted legal action, with class action law firm Shamis & Gentile P.A. investigating potential compensation claims for those affected.
DocketWise, founded in 2015 by immigration attorneys in Philadelphia, provides case management, document handling, and client communication tools for legal professionals. The breach underscores the risks of third-party data exposure in cloud-based legal software.
Source: https://www.claimdepot.com/investigations/docketwise-data-breach-2026
DocketWise cybersecurity rating report: https://www.rankiteo.com/company/docketwise-software
"id": "DOC1775348964",
"linkid": "docketwise-software",
"type": "Breach",
"date": "4/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '116,666 individuals',
'industry': 'Legal Tech / Immigration Case Management',
'location': 'United States',
'name': 'DocketWise',
'type': 'Company'}],
'attack_vector': 'Third-party repository credentials compromise',
'customer_advisories': 'Notifications sent to impacted individuals and law '
'firms on April 3, 2026',
'data_breach': {'data_exfiltration': 'Cloning of repositories',
'number_of_records_exposed': '116,666',
'personally_identifiable_information': ['Names',
'Social Security '
'numbers',
'Dates of birth',
'Driver’s license '
'numbers',
'Passport numbers'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personally identifiable '
'information (PII)',
'Financial account details',
'Payment card information',
'Medical records',
'Login credentials']},
'date_detected': '2025-10',
'date_publicly_disclosed': '2026-04-03',
'description': 'In October 2025, DocketWise, a cloud-based immigration case '
'management platform for law firms, discovered that '
'unauthorized actors had accessed credentials for one of its '
'third-party partner repositories. The breach involved the '
'cloning of repositories used in a data migration pipeline, '
'exposing unstructured data belonging to DocketWise’s law firm '
'clients and their customers. The compromised data included '
'highly sensitive personally identifiable information (PII) '
'such as names, Social Security numbers, dates of birth, '
'driver’s license and passport numbers, financial account '
'details, payment card information, medical records, and login '
'credentials. In total, 116,666 individuals across the U.S. '
'were affected, including 13 in Maine. DocketWise began '
'notifying impacted law firms and individuals on April 3, '
'2026, following a detailed review of the exposed data. The '
'incident has prompted legal action, with class action law '
'firm Shamis & Gentile P.A. investigating potential '
'compensation claims for those affected.',
'impact': {'brand_reputation_impact': 'High',
'data_compromised': 'Personally identifiable information (PII), '
'financial account details, payment card '
'information, medical records, login '
'credentials',
'identity_theft_risk': 'High',
'legal_liabilities': 'Class action investigation',
'payment_information_risk': 'High',
'systems_affected': 'Third-party partner repositories, data '
'migration pipeline'},
'initial_access_broker': {'entry_point': 'Third-party partner repository '
'credentials'},
'investigation_status': 'Completed (notifications sent)',
'post_incident_analysis': {'root_causes': 'Unauthorized access to third-party '
'repository credentials'},
'references': [{'source': 'Cyber Incident Description'}],
'regulatory_compliance': {'legal_actions': 'Class action investigation by '
'Shamis & Gentile P.A.'},
'response': {'communication_strategy': 'Notifications to impacted law firms '
'and individuals on April 3, 2026'},
'title': 'DocketWise Data Breach Exposes Sensitive Information of Over '
'116,000 Individuals',
'type': 'Data Breach'}