Sax LLP Data Incident: What Affected Individuals Should Know

Public filings indicate that Sax LLP, also known as Sax Advisory Group, recently reported a data security incident involving its computer network. According to a notice submitted to the Maine Attorney General, information for approximately 228,876 individuals nationwide may have been affected. The potentially involved data includes highly sensitive details such as Social Security numbers, dates of birth, and government identification numbers. If you received a letter about this incident, you may be understandably concerned about identity theft and what to do next. This article explains what is known so far, steps you can take to protect yourself, and how Strauss Borrelli PLLC can help you understand your legal options.

Key Facts at a Glance

According to a notice submitted to the Maine Attorney General and related public information, the following details have been reported about the Sax LLP data security incident:

• Entity: Sax LLP, also known as Sax Advisory Group, is a financial services firm based in New Jersey. More information about Sax LLP is available on its website at https://saxadvisorygroup.com/.
• Type of incident: External system intrusion involving Sax’s computer network (hacking / IT incident).
• Incident timeframe: A Maine Attorney General filing indicates the security event occurred around July 30, 2024.
• Discovery and investigation: Sax reports that it identified unusual activity on its network on August 7, 2024, secured its systems, and worked with independent cybersecurity experts to investigate.
• Data review and notifications: Sax states that it completed a detailed review of potentially affected data in December 2025 and began mailing notification letters to potentially affected individuals on December 16, 2025.
• Number of people potentially affected: Approximately 228,876 individuals nationwide according to the Maine Attorney General’s portal.
• Types of data involved: The information varies by person and may include name, date of birth, Social Security number, driver’s license or state identification number, and/or passport number.
• Complimentary services: Sax is offering at least 12 months of identity protection services through Epiq, including credit monitoring, dark web monitoring, credit protection, and identity restoration and lost wallet assistance, for individuals whose Social Security numbers were involved.
• Regulatory notifications: The incident has been reported to several state Attorneys General, including Maine, California, and Massachusetts.

What Happened?

According to a notice dated December 22, 2025 and filed with the Maine Attorney General, Sax LLP reported that it detected unusual activity involving its network on August 7, 2024. In response, Sax states that it immediately took steps to secure its environment and engaged independent cybersecurity experts to investigate what occurred.

The forensic investigation reportedly determined that certain Sax data may have been accessed or acquired without authorization in connection with this incident. Because Sax handles personal and financial information, the company then undertook a comprehensive review of the data that may have been affected in order to identify which individuals’ information was involved and to gather up-to-date contact details for notification.

Sax indicates that this data review process concluded in December 2025. On or around December 16, 2025, the company began sending written notification letters via U.S. mail to individuals whose information was identified in the review, including approximately 244 residents of Maine. The Maine Attorney General’s online portal lists a total potentially affected population of about 228,876 individuals.

While these filings provide important context, they do not answer every question about how the unauthorized party gained access, how long they were in Sax’s systems, or exactly which files were viewed or acquired. Further details may emerge as additional investigations, regulatory inquiries, or litigation proceed.

What Information Was Exposed?

The specific information involved in the Sax LLP incident appears to vary from person to person. Based on the Maine Attorney General filing and a sample notification letter, the data that may have been affected includes one or more of the following:

• Full name
• Date of birth
• Social Security number
• Driver’s license number or state identification number
• Passport number

Not everyone affected will have had all of these data elements involved. For some people, the incident may have included only a subset of the above information. However, combinations such as name, date of birth, and Social Security number are especially sensitive and can be misused for identity theft, tax refund fraud, opening new credit lines, and other fraudulent activity.

If you received a letter from Sax, it should describe which categories of your personal information may have been involved and explain what services are being offered to you. Keep this letter in a safe place, as it may be important for monitoring, reporting, or any future legal claims.

What Should You Do Next?

If you believe your information may have been involved in the Sax LLP incident, there are several practical steps you can take to help protect yourself:

1. Read the Sax LLP notification letter carefully. Confirm that the letter is legitimate, review what information about you may have been affected, and note any deadlines to enroll in complimentary services.
2. Enroll in the free identity protection services, if offered. Sax is offering at least 12 months of services through Epiq for individuals whose Social Security numbers were involved. These services typically include credit monitoring, dark web monitoring, and identity restoration assistance. You generally must take affirmative steps and use the activation code in your letter to enroll.
3. Monitor your financial accounts and statements. Regularly review bank, credit card, and investment account activity for unfamiliar or suspicious transactions. Report any unauthorized charges to your financial institution immediately.
4. Check your credit reports. Obtain your credit reports from the three major credit bureaus and look for new accounts or inquiries you do not recognize. You are entitled to free credit reports at regular intervals under federal law.
5. Consider placing a fraud alert or security freeze. A fraud alert tells lenders to take extra steps to verify your identity before extending new credit. A security freeze (also called a credit freeze) restricts most new creditors from accessing your credit report altogether, which can make it harder for someone to open new accounts in your name.
6. Be cautious about phishing and scams. Criminals sometimes use data incidents as an opportunity to send convincing emails, texts, or calls pretending to be from the impacted company, a bank, or a government agency. Do not click links or provide information unless you have independently confirmed the request.
7. Watch for signs of identity theft. Debt collection calls about accounts you did not open, mail for unfamiliar services, or unexpected tax filings in your name can all be red flags. If you suspect misuse of your information, consider filing reports with your local law enforcement, the Federal Trade Commission, and relevant financial institutions.
8. Consider speaking with a data privacy attorney. An attorney experienced in data security incidents, such as Strauss Borrelli PLLC, can help you understand your rights, evaluate any financial or time losses, and determine whether you may have legal claims arising from this incident.

Your Legal Rights

When companies experience data security incidents that may involve Social Security numbers or other highly sensitive information, affected individuals may have rights under state and federal law. Those rights can include the right to receive notice of the incident, to obtain information about what occurred, and, in some circumstances, to seek compensation for certain types of harm.

Many states have data security and data breach notification laws that require organizations to use reasonable safeguards to protect personal information and to provide timely notice if that information may have been accessed without authorization. If a company fails to meet these obligations, consumers may be able to bring claims under negligence, consumer protection statutes, or specific data breach laws, depending on the state.

Potential recoverable losses in data incident cases can include documented out-of-pocket expenses (such as fees for credit monitoring or identity restoration), unreimbursed fraudulent charges, time spent addressing the fallout of the incident, and, in some jurisdictions, statutory damages or injunctive relief requiring stronger data security practices. The availability and scope of these remedies vary significantly by state and by the specific facts of the incident.

Importantly, accepting complimentary credit monitoring or identity protection services from Sax does not usually waive your legal rights. You can often enroll in those services and still explore your legal options. However, strict deadlines—known as statutes of limitations—can limit how long you have to bring a claim, so it is wise to seek legal guidance promptly if you are considering taking action.

This article is for general informational purposes only and does not constitute legal advice. To obtain advice about your particular situation, you should consult directly with an attorney licensed in your state.

Why Hire Strauss Borrelli PLLC?

Strauss Borrelli PLLC focuses on representing individuals whose personal information may have been exposed in data security and privacy incidents. Our attorneys closely follow large-scale incidents involving financial services and professional firms and are familiar with the common patterns, risks, and legal issues that arise in these cases.

If you received a Sax LLP notification letter or believe your information may have been involved, our firm can:

• Review your notification letter and help you understand what it means for you and your family.
• Explain the legal landscape in your state, including any data breach or consumer protection laws that may apply.
• Assess your documented losses, time spent, and ongoing risks related to potential identity theft.
• Discuss possible legal options, including individual or collective actions, where appropriate.

We offer free, confidential consultations for individuals seeking to understand their rights following data security incidents. In many cases, we represent clients on a contingency-fee basis, meaning you do not pay attorneys’ fees unless we obtain a recovery for you. Contact Strauss Borrelli PLLC to learn more about your options in connection with the Sax LLP data incident.