Strauss Borrelli PLLC, a leading data breach law firm, is investigating Wellborn & Company, LLC (“Wellborn”) regarding its recent data breach. The Wellborn data breach may have involved sensitive personal identifiable information belonging to an undetermined number of individuals.
ABOUT WELLBORN & COMPANY, LLC:
Wellborn is an accounting firm based in New Mexico. Currently, Wellborn provides a range of accounting and tax services to individuals and businesses, including tax planning, QuickBooks consultation, tax preparation, business acquisition, and more.2 Clients serviced by Wellborn also include medical, dental and law practices; farms and ranches; and trusts and estates.2 Headquartered in Albuquerque, New Mexico, Wellborn employs approximately 3 individuals.2,4
WHAT HAPPENED?
Recently, Wellborn reported to the Attorney General of Vermont that it had experienced a data breach in which sensitive personal identifiable information in its care may have been compromised. According to the breach notice, on August 11, 2025, the third-party IT vendor for Wellborn reported that it had experienced a ransomware event.1 As a result, Wellborn launched an investigation to determine the nature of the incident.
Through its investigation, Wellborn confirmed that the sensitive personal information in the IT vendor systems belonging to Wellborn may have been accessed and/or acquired by an unauthorized third party during the breach.1 As a result, Wellborn began a review of the data to determine what information had been impacted as well as identify the specific individuals affected. As of October 13, 2025, the type of information impacted in the breach has not been made publicly available by Wellborn.¹ However, according to Vermont state reporting guidelines, “personal information” can include the following types of information:
- Name
- Social Security number
- Driver’s license or other government issued ID card numbers (e.g., individual taxpayer ID number, passport number, military ID card number)
- Financial account number or credit or debit card number
- Unique biometric data (e.g., fingerprint, retina or iris image, or other unique biometric representation)
- Genetic information
- Health record or records of a wellness program or similar program of health promotion or disease prevention (e.g., healthcare professional’s medical diagnosis or treatment of the consumer, health insurance policy number)
On October 10, 2025, Wellborn began mailing data breach notification letters to impacted individuals. Based on the breach notice being sent to Vermont residents, Wellborn is providing affected individuals with a list of the specific types of sensitive information impacted and complimentary credit monitoring services.1 A link to the letters that Wellborn filed with the Attorney General of Vermont is below.
If you received a breach notification letter from Wellborn & Company, LLC:
We would like to speak with you about your rights and potential legal remedies in response to this data breach. Please fill out the form, below, or contact us at 872.263.1100 or sam@straussborrelli.com.
