The incident began on May 21, 2026, when an attorney at Blank Rome was misled by a caller impersonating the firm’s IT staff. Under the guise of technical support, the attacker convinced the staff member to upload confidential client files to an external Google Drive account. The exposed data includes Social Security numbers, driver’s license details, financial account information, and private medical records of current, former, and prospective clients.
Blank Rome Faces Investigation Following Massive Data Exposure
A sophisticated social engineering attack against a Philadelphia-based law firm has compromised the sensitive personal records of 57,554 individuals. The breach, which occurred in late May 2026, has triggered a formal investigation by Schubert Jonckheer & Kolbe LLP into potential lapses in cybersecurity and notification protocols.

Blank Rome delayed alerting the affected parties until late June 2026, a timeframe that legal experts argue may fall short of mandatory federal and state notification requirements. Schubert Jonckheer & Kolbe LLP is currently reviewing the firm’s security practices to determine if the breach constitutes a violation of privacy laws. Impacted individuals may be eligible for damages and court-ordered mandates requiring the firm to overhaul its data protection infrastructure.




Comments (0)
No comments yet. Be the first!