Greenbaum Rowe Smith & Davis Data Breach Investigation
Greenbaum Rowe Smith & Davis LLP has reported a cybersecurity incident that, according to its notice, may have involved protected health information and certain personal data connected to healthcare provider clients. If you received a letter, you may be wondering what information was involved, whether your identity is at risk, and what to do now. Below, we summarize the reported facts, practical steps you can take, and the legal issues people often ask about after a data incident. If you want to explore whether you may have a claim, you can fill out the form on this page to contact Strauss Borrelli PLLC.
Greenbaum Rowe Smith & Davis LLP is a New Jersey law firm that provides legal services. According to the published notice, the firm represents certain healthcare providers, including hospitals and health systems such as Atlantic Health System, which is why patient information may have been accessible in the course of that work.
Key Facts at a Glance
- Company: Greenbaum Rowe Smith & Davis LLP, a New Jersey legal services firm.
- Type of incident: Reported hacking/IT incident involving unauthorized access through a compromised user account, according to the notice.
- Reported incident window: November 25, 2025 to November 27, 2025.
- Reported discovery date: November 27, 2025.
- Public listing date: May 18, 2026.
- Notice date: June 8, 2026.
- Affected count: A public filing lists 12,801 potentially affected individuals.
- Information that may have been involved: Name, address, medical and health insurance information, and for some individuals Social Security number and/or date of birth.
- Identity protection: The notice says IDX identity theft protection services are being offered.
What Happened?
According to a notice published on Greenbaum’s behalf, the firm reported discovering unauthorized access to its systems on November 27, 2025 through a compromised user account. The same notice states that the activity occurred between November 25 and November 27, 2025 and that certain information was acquired by an unauthorized third party from its systems.
The notice says Greenbaum contained the activity, investigated with outside cybersecurity experts, reset passwords, replaced compromised machines, and notified law enforcement. It also states that reviewing the affected files and identifying potentially impacted individuals took several months. Greenbaum further stated that it was not aware of identity theft or fraud related to the incident at the time of the notice.
What Information Was Exposed?
The notice indicates that the information involved may have included individuals’ names, addresses, and health information. Reported health-related data elements included one or more of the following: medical record number, account number, diagnosis, clinical information, medical history, treatment or procedure information, provider, dates of service, medical cost, and health insurance information.
For a subset of individuals, Social Security numbers and/or dates of birth may also have been included. Because the reported incident involved patient-related information connected to healthcare providers, affected people should pay attention to both financial identity risks and possible medical identity misuse, even if no confirmed misuse has been publicly reported.
What Should You Do Next?
- Read any notice you received carefully. Keep the letter, note any reference numbers, and save all documents related to the incident.
- Enroll in the offered IDX protection if you are eligible. The notice says identity theft protection services are available. If you need help, IDX can be reached at 1-844-685-6447, Monday through Friday, 9 a.m. to 9 p.m. Eastern, excluding holidays.
- Monitor your accounts and healthcare records. Review bank statements, insurance explanations of benefits, provider bills, and patient portal activity for anything you do not recognize.
- Check your credit and consider added protections. If your Social Security number or date of birth may have been involved, consider placing a fraud alert or credit freeze and review your free credit reports for suspicious activity.
- Document problems and ask questions early. Keep records of any time spent, expenses, denied claims, fraudulent charges, or collection issues. If you want to understand whether you may qualify for a claim, fill out the form on this page to contact Strauss Borrelli PLLC.
Your Legal Rights
When a company reports that personal or health information may have been involved in a cybersecurity incident, affected individuals may have rights under state and federal law. Depending on the facts, those rights can include receiving notice, accessing any offered protection services, and seeking compensation if inadequate safeguards or delayed notice caused legally recognizable harm.
Whether a claim exists depends on the type of information involved, what security measures were in place, how the incident unfolded, and whether the exposure led to losses or other concrete problems. Keeping your notice letter, credit monitoring records, and any evidence of suspicious activity can help you evaluate your options with counsel.
Why Hire Strauss Borrelli PLLC?
Strauss Borrelli PLLC represents individuals in data-breach and privacy matters and understands how to investigate reported cybersecurity incidents, notification practices, and the real-world disruption that can follow exposure of sensitive information. Our team can review the available facts, explain your options in plain English, and help you determine whether the reported Greenbaum Rowe Smith & Davis incident supports a potential claim.
If you received a notice or believe your information may have been involved, you can contact Strauss Borrelli PLLC for a free review using the form provided on this page.
If you received a breach notification letter from Greenbaum Rowe Smith & Davis LLP:
We would like to speak with you about your rights and potential legal remedies in response to this data breach. Please fill out the form, below, or contact us at 872.263.1100 or sam@straussborrelli.com.
