If you received a letter about a recent Cornick, Garber & Sandler, LLP data incident, you may be worried about what happened and what it means for your personal information. Available regulatory filings indicate that certain sensitive data stored on the firm’s systems may have been affected. This page summarizes what is publicly known so far, what risks you should be aware of, and practical steps you can take to protect yourself. It also explains your legal rights if your information was involved. If you would like a free evaluation of your situation, you can contact Strauss Borrelli PLLC using the form on this page to see whether you may qualify for a claim. Cornick, Garber & Sandler, LLP is a professional firm based in New York that provides legal services to individual and business clients. As part of its work, the firm maintains sensitive personal and financial information on its internal systems. A recent security event involving those systems has now been reported to regulators and potentially affected clients. Key Facts at a Glance Entity involved: Cornick, Garber & Sandler, LLP (New York legal services firm). Type of event: Reported hacking / IT incident affecting the firm’s network. Timeframe of suspicious activity: According to a filing with the Maine Attorney General, the incident occurred between February 14 and March 26, 2025. Notice to individuals: Notification letters were reportedly sent on or around April 2, 2026. Information potentially involved: Social Security numbers, dates of birth, driver’s license numbers, and health insurance information. Approximate number of affected individuals: 5,864 people, according to regulatory reporting. Regulatory reporting: State Attorney General filings in Maine reference this incident. What Happened? Public information about the incident is limited, but regulatory filings indicate that the firm identified a network-related security issue sometime in early 2025. The matter has been classified for reporting purposes as a hacking or IT incident, suggesting that an unauthorized party may have interacted with systems that store personal information. According to the Maine Attorney General filing, the activity in question took place between mid-February and late March 2025. After learning of the problem, the firm reports that it began an investigation with outside cybersecurity professionals to determine what happened and which files were involved. Once that review identified people whose information was present in the affected environment, notification letters were issued and regulators were informed. The notice materials available to the public do not yet provide technical details such as how the intrusion occurred or whether any data was copied or misused. As a result, the description here is necessarily high level and may be updated if additional information becomes available from official sources. What Information May Have Been Involved? Based on information reported to the Maine Attorney General, the data elements that may have been present in the affected systems include one or more of the following for different people: Social Security numbers Dates of birth Driver’s license numbers Health insurance information, such as plan or policy details Not everyone listed in the notice is expected to have had all of these data points involved, but the combination of Social Security, identification, and insurance information is highly sensitive. If you received a letter, it should specify which categories of your own information the firm believes were at risk. How Could This Impact You? When this type of personal information is exposed in a security incident, it can be misused in several ways, sometimes months or years later. Potential risks include: Financial identity theft: Criminals can use Social Security and date-of-birth details to try to open credit cards, loans, or other accounts in your name. Government benefits or tax fraud: Stolen identifiers can be used to file false tax returns or seek unemployment or other benefits using your identity. Driver’s license misuse: Driver’s license numbers can help create fake IDs, which may then be used in traffic violations or other criminal activity that appears tied to you. Health or insurance fraud: Health insurance information can sometimes be used to obtain medical services or prescriptions, which may alter your medical or insurance records. Even if you do not see suspicious activity right away, the kind of data involved in this incident tends to have long-term value to identity thieves. Ongoing monitoring and prompt response to any irregularities are important. What Is Cornick, Garber & Sandler, LLP Doing? According to the notice and regulatory filings, the firm has engaged cybersecurity professionals to investigate the incident, contained the affected systems, and reviewed the data involved to identify impacted individuals. It has also reported the matter to state regulators and is mailing letters that outline the incident and offer guidance on protective steps. Many organizations in similar situations offer complimentary credit monitoring or identity protection services, but the specific benefits in this case depend on the exact language of the letter you received. Be sure to read the notice carefully so you understand any services being provided and any enrollment deadlines. What Should You Do Next? If you recently received a notification letter referencing this data incident, consider taking the following steps to help protect yourself: Read and save the letter: Keep a copy of the notice and any enrollment codes it contains with your important records. Enroll in any free protection services offered: If the firm is providing credit monitoring or identity theft assistance, sign up as soon as possible and calendar any expiration dates. Review your credit reports: Request free copies of your credit reports from Equifax, Experian, and TransUnion at AnnualCreditReport.com and look for unfamiliar accounts or inquiries. Place a fraud alert or security freeze: Under federal law, you can place a free fraud alert or security freeze with the major credit bureaus, which can help prevent new credit from being opened in your name without additional verification. Monitor financial and insurance statements: Check bank, credit card, and health insurance statements for charges, claims, or services you do not recognize and report any suspicious activity immediately. Document any issues: If you notice