The Vermont Office of the Attorney General disclosed a data breach affecting Zeiger, Tigges & Little, LLP on September 18, 2024, stemming from an incident on July 17, 2024. A threat actor infiltrated the firm’s systems, copying and encrypting computer files containing sensitive personal information. The exposed data includes individuals' names, dates of birth, home addresses, phone numbers, and Social Security numbers—highly valuable identifiers for identity theft or fraud. The breach suggests a targeted cyber intrusion, likely involving ransomware given the encryption of files, though the report does not explicitly confirm a ransom demand. The compromised data belongs to clients or associated individuals, posing significant risks of financial fraud, identity theft, and long-term reputational harm to the law firm. Legal firms are high-value targets due to the sensitive nature of their client records, which often include confidential legal, financial, or personal details. The incident underscores vulnerabilities in cybersecurity defenses, particularly against data exfiltration and encryption-based attacks. While the full scope of the breach (e.g., number of affected individuals) remains undisclosed, the exposure of Social Security numbers elevates the severity, as such data is irreplaceable and can facilitate persistent criminal exploitation. The firm may face regulatory scrutiny, client lawsuits, and mandatory breach notifications under state and federal laws (e.g., Vermont’s data breach statute or the Gram-Leach-Bliley Act for financial data).
Source: https://ago.vermont.gov/document/2024-09-18-zeiger-tigges-little-data-breach-notice-consumers
TPRM report: https://www.rankiteo.com/company/zeiger-tigges-&-little-llp
"id": "zei019091825",
"linkid": "zeiger-tigges-&-little-llp",
"type": "Ransomware",
"date": "7/2024",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"{'affected_entities': [{'industry': 'legal services',
'location': 'Vermont, USA',
'name': 'Zeiger, Tigges & Little, LLP',
'type': 'law firm'}],
'data_breach': {'data_encryption': True,
'data_exfiltration': True,
'personally_identifiable_information': ['names',
'dates of birth',
'home addresses',
'phone numbers',
'social security '
'numbers'],
'sensitivity_of_data': 'high',
'type_of_data_compromised': ['personally identifiable '
'information (PII)']},
'date_detected': '2024-07-17',
'date_publicly_disclosed': '2024-09-18',
'description': 'The Vermont Office of the Attorney General reported a data '
'breach involving Zeiger, Tigges & Little, LLP on September '
'18, 2024. The breach occurred on July 17, 2024, when certain '
'computer files were copied and encrypted by a threat actor, '
"potentially exposing individuals' names, dates of birth, home "
'addresses, phone numbers, and social security numbers.',
'impact': {'data_compromised': ['names',
'dates of birth',
'home addresses',
'phone numbers',
'social security numbers'],
'identity_theft_risk': 'high'},
'ransomware': {'data_encryption': True, 'data_exfiltration': True},
'references': [{'date_accessed': '2024-09-18',
'source': 'Vermont Office of the Attorney General'}],
'regulatory_compliance': {'regulatory_notifications': ['Vermont Office of the '
'Attorney General']},
'title': 'Data Breach at Zeiger, Tigges & Little, LLP',
'type': ['data breach', 'ransomware']}