Riddell Law Group (“RLG”) recently disclosed a data breach after detecting suspicious activity within its network environment in October 2025. The incident resulted in unauthorized access to certain files that may have contained personal information. Affected individuals are now being notified and offered complimentary credit monitoring services.
Riddell Law Group’s Data Breach Investigation
On October 16, 2025, Riddell Law Group became aware of suspicious activity within its network. Upon discovery, RLG promptly shut down workstations, contacted its IT team, and engaged a specialized cybersecurity firm to conduct a forensic investigation into the nature and scope of the incident.
The forensic investigation was completed on November 11, 2025. Investigators determined that some RLG files were accessed by an unauthorized actor during the incident. After confirming unauthorized access, RLG conducted a comprehensive review of the affected systems to identify which individuals were impacted and what categories of personal information may have been involved.
Although the specific data elements were not fully detailed in the public notice, the incident involved personal information maintained in connection with legal services. Law firms often store highly sensitive information, including identifying and financial data, making them attractive targets for cybercriminals.
Following the discovery of the breach, RLG implemented additional technical security measures to reduce the likelihood of similar incidents in the future. These measures include changing all user passwords and implementing mandatory multi-factor authentication (MFA) for all users—an important step in strengthening account security.
While RLG has not publicly indicated evidence of identity theft or fraud directly resulting from the incident, unauthorized access to personal information can create long-term risks. Cybercriminals may use exposed information for identity theft, phishing attempts, or financial fraud months after a breach occurs.
Organizations entrusted with personal information have a duty to implement reasonable safeguards to protect it. When those safeguards fail, affected individuals may be left facing uncertainty and potential financial harm.
At Class Action U, we believe individuals should not have to navigate these risks alone. If your information was exposed, understanding your rights is an important step toward protecting yourself.
When Did This Breach Occur?
Riddell Law Group became aware of suspicious activity on October 16, 2025.
The forensic investigation concluded on November 11, 2025, confirming that unauthorized access to certain files had occurred.
What Information Was Breached?
According to the notice, the types of personal information that may have been subject to unauthorized access could include:
Affected individuals should carefully review their notification letter for details specific to their information.
What You Can Do
If you received a notification from Riddell Law Group, consider taking the following protective steps:
-
Enroll in the complimentary 12 months of Single Bureau Credit Monitoring, Credit Report, and Credit Score services provided through Cyberscout, a TransUnion company. Enrollment must be completed within 90 days from the date of the letter.
-
Monitor your financial account statements and credit reports for suspicious or unauthorized activity.
-
Consider placing a fraud alert or security freeze on your credit file.
-
Report suspected identity theft to your financial institution, the Federal Trade Commission, and local law enforcement.
-
Stay alert for phishing emails or phone calls referencing this incident.
Taking proactive action can help reduce your risk of identity theft and financial fraud.
File a Data Breach Lawsuit Against Riddell Law Group
If your personal information was exposed in the Riddell Law Group data breach, you may be eligible to pursue compensation. Data breaches involving law firms can be especially concerning due to the sensitive nature of the information stored.
Even in the absence of confirmed misuse, the exposure of personal data can result in time spent monitoring accounts, emotional distress, and an increased risk of identity theft. A class action lawsuit allows affected individuals to band together to seek accountability and financial recovery.
Contact us at Class Action U, where we’ll connect you with a lawyer skilled in class action lawsuits. If you’ve been contacted about this breach, received notice, or discovered you were impacted, fill out our quick, easy, and secure form to sign up. There is no cost to reach out to our legal partner and no obligation after speaking with someone from our team.
