Pease Mountain Law, PLLC disclosed a data security incident involving unauthorized access to an employee email account. The incident may have exposed sensitive personal information, including names and Social Security numbers, and the firm is offering complimentary credit monitoring services.
Pease Mountain Law, PLLC’s Data Breach Investigation
Pease Mountain Law, PLLC (“Pease Mountain”) reported a data security incident after discovering suspicious activity involving an employee email account. According to the firm’s notice, Pease Mountain promptly launched an investigation with the assistance of third-party specialists and took steps to secure the affected email account.
The investigation determined that an unknown actor gained access to an employee’s email account between July 21, 2025, and July 29, 2025. During that time, the unauthorized actor may have accessed or copied certain emails and attachments. Pease Mountain stated that it could not confirm whether information was actually accessed or copied, but it is notifying affected individuals out of caution because certain personal information was present in the potentially affected email materials.
After identifying the affected email account, Pease Mountain began a detailed review process to determine what information may have been included in the impacted emails and attachments. The firm completed that review on May 4, 2026, and began notifying affected individuals on May 20, 2026. The notice states that five Maine residents were notified.
The information potentially involved included names and Social Security numbers. The consumer notice also listed additional categories that may have been contained in the affected emails, including logins, driver’s license numbers, payment card information, financial account information, medical information, health insurance policy-related numbers, passport numbers, and information related to Pease Mountain’s representation of clients.
Email account breaches can be especially concerning because inboxes may contain years of messages, attachments, client communications, financial records, legal documents, and personal identifiers. When a law firm experiences this type of incident, affected individuals may face risks involving identity theft, financial fraud, account takeover, phishing, and exposure of confidential legal information.
In response, Pease Mountain stated that it secured the impacted email account, investigated the event, implemented additional technical safeguards, and is working to provide additional employee training. The firm also notified relevant regulators and the three major credit reporting agencies.
Pease Mountain is offering affected individuals 12 months of complimentary credit monitoring and identity protection services through TransUnion/Cyberscout. The firm also provided guidance on fraud alerts, credit freezes, free credit reports, and reporting suspected identity theft to the Federal Trade Commission, state attorneys general, and law enforcement.
When Did This Breach Occur?
Pease Mountain Law, PLLC reported that an unknown actor accessed an employee email account between July 21, 2025, and July 29, 2025. The review process was completed on May 4, 2026, and written notices began on May 20, 2026.
What Information Was Breached?
The information potentially involved may have included:
- Names
- Social Security numbers
- Logins
- Driver’s license numbers
- Payment card information
- Financial account information
- Medical information
- Health insurance policy-related numbers
- Passport numbers
- Client representation-related information
What You Can Do
If you received a notice from Pease Mountain Law, PLLC, review it carefully and enroll in the complimentary credit monitoring and identity protection services before the deadline.
You should also monitor bank accounts, payment cards, credit reports, insurance records, and medical statements for suspicious activity. If logins were involved, change passwords and enable multifactor authentication where available.
Because Social Security numbers, financial information, medical information, and passport numbers may have been involved, consider placing a fraud alert or credit freeze with Equifax, Experian, and TransUnion.
