Chapman & Associates PC Data Incident: Your Rights

According to a notice sent in January 2026 and a filing with the California Attorney General, Chapman & Associates PC reported a network security incident that may have exposed personal information for people involved in transactions or litigation handled by the firm. If you received a letter about this event, you may be unsure what it means, what information of yours was involved, or how to protect yourself. This page summarizes what is publicly known so far, outlines practical steps you can take now, and explains the legal rights that may be available to you. If you want help reviewing your situation, you can contact Strauss Borrelli PLLC by filling out the form on this page to see whether you may qualify for a potential claim.

Chapman & Associates PC is a private law firm that provides legal services and, according to a notice filed with regulators, maintains offices in California, Michigan, and Florida. In the course of handling transactions and litigation, the firm collects and stores personal information on its computer network.

Key Facts at a Glance

• Business: A law firm with offices in CA, MI, and FL that handled your legal matter.
• Incident type: Reported network security / hacking-related IT incident affecting the firm’s computer network.
• Incident discovery: According to the notice, the firm detected the issue on January 31, 2025.
• Potential impact: An unauthorized third party may have accessed files containing personal information tied to legal matters.
• Review period: The firm reports confirming your data as potentially affected on or about December 31, 2025.
• Notification: Letters dated January 8, 2026 were mailed to people the firm identified as potentially affected, and a filing was made with the California Attorney General.
• Data elements: The public notice references at least first and last name; additional details may differ by person.
• Remedial steps: The firm says it secured its systems and is offering 12 months of single-bureau credit monitoring through Cyberscout.

What Happened?

According to the notice sent to affected individuals, the firm experienced a network security incident involving its computer systems on or about January 31, 2025. Upon detecting unusual activity, it engaged third-party forensic specialists to help secure the environment and determine the nature and scope of the incident.

The investigation reportedly found that an unauthorized third party may have accessed certain files containing personal information connected to legal matters and transactions the firm handled. A subsequent, detailed review of the affected data was conducted to identify whose information was present, and by around December 31, 2025 the firm determined that your information may have been among the impacted records.

The notice states that, from the date the issue was discovered through the time of notification, the firm had not received reports of identity theft linked to this incident. As part of its response, it reports implementing additional security safeguards and arranging complimentary credit monitoring and fraud assistance services for those who choose to enroll.

What Information Was Exposed?

The publicly available version of the notice gives limited detail about the specific data elements involved. It indicates that personal information the firm collected in connection with your transaction or litigation matter may have been accessed, and it specifically references at least first and last name. Other categories of information, if any, are not fully listed in the redacted notice and may differ from person to person.

Because the exact data types are not known from public filings, you should carefully review your individual letter, which should describe what information of yours may have been impacted. Even if only your name was involved, it can still reveal your association with a particular legal matter, so staying alert is important.

What Should You Do Next?

1. Read your notice carefully. Confirm that the letter you received is genuine and keep it with your records. Note the dates, any listed data elements, and the enrollment deadline for credit monitoring.
2. Enroll in the offered credit monitoring. The firm has arranged single-bureau credit monitoring, credit report, and credit score services through Cyberscout for 12 months. To take advantage, use the activation website and code provided in your letter, and enroll within 90 days of the letter date.
3. Check your credit reports. Obtain your reports from the three nationwide bureaus at AnnualCreditReport.com and look for unfamiliar accounts, inquiries, or address changes.
4. Consider a fraud alert or security freeze. A fraud alert or freeze can make it harder for someone to open new credit in your name. Instructions for placing these protections with Equifax, Experian, and TransUnion are included in the notice.
5. Monitor financial and online accounts. Review bank, credit card, and insurance statements, and secure your online accounts with strong, unique passwords and multi-factor authentication.
6. Document any suspicious activity. Save copies of emails, letters, credit reports, and account statements showing unusual charges or account changes.
7. Talk with a data-privacy attorney. If you received a notice about this incident, consider contacting Strauss Borrelli PLLC using the form on this page to learn whether you may have legal options or potential claims.

Your Legal Rights

Data security and privacy laws generally require organizations that hold personal information to use reasonable safeguards and to notify people when that information may have been accessed without authorization. Depending on where you live and the type of information involved, you may have rights under state consumer-protection, privacy, or negligence laws.

In many data-incident cases, affected individuals may be able to seek compensation for out-of-pocket expenses, time spent monitoring and repairing credit, and, in some circumstances, identity theft losses or emotional distress. Courts and regulators also examine whether a company provided timely and adequate notice.

Whether you have a viable claim related to this incident will depend on your specific situation, including the data involved and any harm you have experienced. Speaking with an attorney can help you understand your options and any filing deadlines. This article is for general informational purposes only and is not legal advice.

Why Hire Strauss Borrelli PLLC?

Incidents involving professional-service firms can be complex, especially when they arise from legal matters that are already stressful. Strauss Borrelli PLLC focuses on representing individuals in data privacy and security cases and understands how these events can disrupt everyday life.

Our attorneys have represented thousands of data breach victims in cases involving healthcare, retail, and financial services companies. We investigate what happened, evaluate the strength of potential claims, and work to hold companies accountable where the law supports it. If you received a notice about this incident and want to understand your rights, you can contact Strauss Borrelli PLLC to discuss your situation and possible next steps.

Frequently Asked Questions

How do I know if I was affected by the Chapman & Associates PC data incident?

People believed to be affected were sent written notices dated January 8, 2026, describing a network security incident and offering credit monitoring. If you received such a letter referencing Chapman & Associates PC and Cyberscout services, your information was likely identified as potentially involved. If you are unsure, you can contact the firm or the credit monitoring provider listed in your notice to confirm.

What personal information may have been involved in this incident?

According to the notice, the incident may have involved personal information the firm collected in connection with your transaction or litigation matter. The redacted version of the notice confirms at least first and last name but does not publicly list all possible data elements. Your individual letter should specify which types of information related to you (if any) may have been impacted, so it is important to review it closely.

Is the free Cyberscout credit monitoring safe to use?

The notices explain that the firm arranged 12 months of single-bureau credit monitoring, credit report, and credit score services through Cyberscout, a TransUnion company. To reduce the risk of phishing, type the enrollment web address shown in your letter directly into your browser rather than clicking links in unsolicited emails. Enrolling typically requires you to provide some personal details to verify your identity, which is standard for credit monitoring services.

What signs of identity theft should I watch for after this incident?

Watch for unfamiliar accounts or hard credit inquiries on your credit reports, new credit cards or loans you did not request, collection notices for debts you do not recognize, or unexpected address or phone-number changes on existing accounts. Also be cautious about emails, calls, or texts asking for sensitive information, especially if they reference this incident. If you notice anything suspicious, contact the relevant bank or creditor immediately and consider filing a report with the Federal Trade Commission or local law enforcement.

Do I need a lawyer if there is no evidence my data has been misused?

Even if you have not yet seen fraudulent charges or identity theft, you may still have legal rights related to the incident, including the time and effort spent monitoring your accounts and any anxiety or disruption it has caused. A data-privacy lawyer can help you understand whether you may have a claim based on the security practices, the type of information involved, and your circumstances. Speaking with Strauss Borrelli PLLC does not obligate you to move forward, but it can clarify your options.