LaBella Associates, an architecture and planning firm headquartered in Rochester, New York, experienced a **data breach** on or around **March 24, 2025**, when the **ransomware group RHYSIDA** infiltrated its systems. The attackers accessed sensitive files, compromising **personally identifiable information (PII)** of at least **6,712 individuals**, including names, dates of birth, Social Security numbers, driver’s license/state ID numbers, and financial account details. The breach posed a severe risk of identity theft, financial fraud, and reputational harm. RHYSIDA threatened to publish the stolen data on the dark web, escalating the threat. Affected individuals were notified in **November 2025**, with offers of credit monitoring and legal recourse for potential compensation. The incident underscored vulnerabilities in the company’s cybersecurity, exposing employees and clients to long-term risks.
Source: https://www.claimdepot.com/investigations/labella-associates-data-breach-2025
TPRM report: https://www.rankiteo.com/company/labella-associates-p-c-
"id": "lab1592815111325",
"linkid": "labella-associates-p-c-",
"type": "Ransomware",
"date": "3/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'customers_affected': '6,712 individuals (including '
'179 in Maine and 30 in '
'Massachusetts)',
'industry': ['Architecture',
'Engineering',
'Energy',
'Infrastructure',
'Environmental Consulting'],
'location': {'headquarters': 'Rochester, New York, USA',
'offices': '40+ worldwide (including '
'Madrid, Spain and multiple '
'locations across New York '
'State)'},
'name': 'LaBella Associates',
'size': '1,200+ employees',
'type': 'Private Company'}],
'customer_advisories': ['Breach notification letters sent on 2025-11-12',
'Offer of free credit monitoring and fraud assistance '
'(TransUnion Cyberscout)',
'Guidance on fraud alerts, credit reports, and legal '
'rights'],
'data_breach': {'data_exfiltration': True,
'number_of_records_exposed': '6,712',
'personally_identifiable_information': True,
'sensitivity_of_data': 'High (includes PII and financial '
'data)',
'type_of_data_compromised': ['First and last name',
'Date of birth',
'Social Security number (SSN)',
"Driver's license or state ID "
'number',
'Financial account information']},
'date_detected': '2025-03-24',
'description': 'LaBella Associates, an architecture and planning firm, '
'experienced a data breach on or around March 24, 2025. A '
'threat actor (hacking group RHYSIDA) gained unauthorized '
"access to the company's computer environment, potentially "
'exposing sensitive personally identifiable information (PII) '
'of at least 6,712 individuals in the U.S. The breach involved '
'ransomware, with threats to publish stolen data on the dark '
'web. Affected individuals were notified via mail on November '
'12, 2025.',
'impact': {'brand_reputation_impact': 'High (potential reputational damage '
'due to exposure of sensitive PII and '
'ransomware threats)',
'data_compromised': True,
'identity_theft_risk': "High (exposure of SSNs, driver's license "
'numbers, and financial account '
'information)',
'legal_liabilities': 'Potential (class action lawsuits and '
'compensation claims initiated by Shamis & '
'Gentile P.A.)',
'payment_information_risk': 'High (financial account information '
'compromised)'},
'initial_access_broker': {'data_sold_on_dark_web': True},
'investigation_status': 'Ongoing (class action investigation by Shamis & '
'Gentile P.A.)',
'motivation': ['Financial Gain', 'Data Theft', 'Extortion'],
'ransomware': {'data_encryption': True, 'data_exfiltration': True},
'recommendations': ['Enroll in free TransUnion Cyberscout credit monitoring '
'and fraud assistance services',
'Monitor financial statements for suspicious activity',
'Place a fraud alert on credit reports',
'Request free annual credit reports from major bureaus',
'Seek legal assistance for potential compensation claims'],
'references': [{'source': 'Shamis & Gentile P.A. (Class Action '
'Investigation)'}],
'regulatory_compliance': {'legal_actions': ['Class action investigation by '
'Shamis & Gentile P.A. for '
'compensation claims']},
'response': {'communication_strategy': ['Sent breach notification letters to '
'affected individuals on 2025-11-12',
'Public investigation by Shamis & '
'Gentile P.A. for class action '
'claims'],
'incident_response_plan_activated': True,
'remediation_measures': ['Offered free TransUnion Cyberscout '
'credit monitoring and fraud assistance '
'services to affected individuals']},
'threat_actor': 'RHYSIDA',
'title': 'LaBella Associates Data Breach and Ransomware Attack',
'type': ['Data Breach', 'Ransomware Attack']}