Cornick Garber & Sandler LLP Data Incident Notice

If you received a letter about a recent Cornick, Garber & Sandler, LLP data incident, you may be worried about what happened and what it means for your personal information. Available regulatory filings indicate that certain sensitive data stored on the firm’s systems may have been affected. This page summarizes what is publicly known so far, what risks you should be aware of, and practical steps you can take to protect yourself. It also explains your legal rights if your information was involved. If you would like a free evaluation of your situation, you can contact Strauss Borrelli PLLC using the form on this page to see whether you may qualify for a claim.

Cornick, Garber & Sandler, LLP is a professional firm based in New York that provides legal services to individual and business clients. As part of its work, the firm maintains sensitive personal and financial information on its internal systems. A recent security event involving those systems has now been reported to regulators and potentially affected clients.

Key Facts at a Glance

• Entity involved: Cornick, Garber & Sandler, LLP (New York legal services firm).
• Type of event: Reported hacking / IT incident affecting the firm’s network.
• Timeframe of suspicious activity: According to a filing with the Maine Attorney General, the incident occurred between February 14 and March 26, 2025.
• Notice to individuals: Notification letters were reportedly sent on or around April 2, 2026.
• Information potentially involved: Social Security numbers, dates of birth, driver’s license numbers, and health insurance information.
• Approximate number of affected individuals: 5,864 people, according to regulatory reporting.
• Regulatory reporting: State Attorney General filings in Maine reference this incident.
  
  

What Happened?

Public information about the incident is limited, but regulatory filings indicate that the firm identified a network-related security issue sometime in early 2025. The matter has been classified for reporting purposes as a hacking or IT incident, suggesting that an unauthorized party may have interacted with systems that store personal information.

According to the Maine Attorney General filing, the activity in question took place between mid-February and late March 2025. After learning of the problem, the firm reports that it began an investigation with outside cybersecurity professionals to determine what happened and which files were involved. Once that review identified people whose information was present in the affected environment, notification letters were issued and regulators were informed.

The notice materials available to the public do not yet provide technical details such as how the intrusion occurred or whether any data was copied or misused. As a result, the description here is necessarily high level and may be updated if additional information becomes available from official sources.

What Information May Have Been Involved?

Based on information reported to the Maine Attorney General, the data elements that may have been present in the affected systems include one or more of the following for different people:

• Social Security numbers
• Dates of birth
• Driver’s license numbers
• Health insurance information, such as plan or policy details

Not everyone listed in the notice is expected to have had all of these data points involved, but the combination of Social Security, identification, and insurance information is highly sensitive. If you received a letter, it should specify which categories of your own information the firm believes were at risk.

How Could This Impact You?

When this type of personal information is exposed in a security incident, it can be misused in several ways, sometimes months or years later. Potential risks include:

• Financial identity theft: Criminals can use Social Security and date-of-birth details to try to open credit cards, loans, or other accounts in your name.
• Government benefits or tax fraud: Stolen identifiers can be used to file false tax returns or seek unemployment or other benefits using your identity.
• Driver’s license misuse: Driver’s license numbers can help create fake IDs, which may then be used in traffic violations or other criminal activity that appears tied to you.
• Health or insurance fraud: Health insurance information can sometimes be used to obtain medical services or prescriptions, which may alter your medical or insurance records.

Even if you do not see suspicious activity right away, the kind of data involved in this incident tends to have long-term value to identity thieves. Ongoing monitoring and prompt response to any irregularities are important.

What Is Cornick, Garber & Sandler, LLP Doing?

According to the notice and regulatory filings, the firm has engaged cybersecurity professionals to investigate the incident, contained the affected systems, and reviewed the data involved to identify impacted individuals. It has also reported the matter to state regulators and is mailing letters that outline the incident and offer guidance on protective steps.

Many organizations in similar situations offer complimentary credit monitoring or identity protection services, but the specific benefits in this case depend on the exact language of the letter you received. Be sure to read the notice carefully so you understand any services being provided and any enrollment deadlines.

What Should You Do Next?

If you recently received a notification letter referencing this data incident, consider taking the following steps to help protect yourself:

• Read and save the letter: Keep a copy of the notice and any enrollment codes it contains with your important records.
• Enroll in any free protection services offered: If the firm is providing credit monitoring or identity theft assistance, sign up as soon as possible and calendar any expiration dates.
• Review your credit reports: Request free copies of your credit reports from Equifax, Experian, and TransUnion at AnnualCreditReport.com and look for unfamiliar accounts or inquiries.
• Place a fraud alert or security freeze: Under federal law, you can place a free fraud alert or security freeze with the major credit bureaus, which can help prevent new credit from being opened in your name without additional verification.
• Monitor financial and insurance statements: Check bank, credit card, and health insurance statements for charges, claims, or services you do not recognize and report any suspicious activity immediately.
• Document any issues: If you notice signs of identity theft, keep detailed notes and copies of communications with banks, insurers, or government agencies.

If you believe your information was involved, you can also contact Strauss Borrelli PLLC using the form on this page to discuss your rights and to see whether you may qualify to pursue a legal claim.

Your Legal Options

Data privacy and consumer protection laws may give you rights if your personal information was exposed in a security incident and you suffer financial or other harm as a result. Depending on the facts, potential claims can involve allegations that an organization failed to use reasonable safeguards to protect data or did not provide timely and adequate notice of an incident.

In addition, if fraudsters use your information to open accounts that appear on your credit reports, the federal Fair Credit Reporting Act (FCRA) gives you important rights. These include the ability to obtain copies of your credit reports, dispute inaccurate information, and seek damages in court if consumer reporting agencies or certain other parties do not follow the law.

Available remedies in privacy and data-incident cases can include reimbursement of out-of-pocket expenses, compensation for time spent responding to the incident, and, in some circumstances, additional statutory or punitive damages. The viability and value of any claim will depend on your individual situation, the evidence available, and how courts interpret the relevant laws.

Speaking with an attorney experienced in data-incident litigation can help you understand whether you may have a viable claim and what deadlines apply. An initial case evaluation with Strauss Borrelli PLLC is confidential, and you are under no obligation to move forward.

Why Hire Strauss Borrelli PLLC?

Strauss Borrelli PLLC focuses on representing individuals in data breach, privacy, and consumer protection matters across the country. Our team understands both the technical aspects of cybersecurity incidents and the complex web of state and federal laws that govern how companies must protect and handle personal information.

The firm has extensive experience pursuing claims arising from large-scale data incidents and working to hold organizations accountable when consumers are put at risk. We carefully review each potential case, explain your options in plain language, and, in most matters, represent clients on a contingency-fee basis so you do not pay attorneys fees unless there is a recovery.

If you received a notice about this incident and want to explore your options, you can reach out to Strauss Borrelli PLLC for a free, no-obligation consultation.

Frequently Asked Questions

Why did I receive a letter about the Cornick, Garber & Sandler LLP data incident?

You likely received a letter because the firm’s investigation found that your information was stored in systems that may have been involved in the reported security incident. Organizations are generally required by state law to notify people when certain types of sensitive data could be at risk. The letter should outline what happened in general terms and which categories of your personal information may have been affected.

What types of personal information may have been involved?

According to information reported to regulators, the incident may have involved Social Security numbers, dates of birth, driver’s license numbers, and health insurance information for some individuals. Not everyone will have had all of these data points involved. Your notification letter is the best source for understanding exactly which categories of your own information were identified.

Do I need to place a credit freeze after this incident?

Placing a credit freeze or a fraud alert is a personal decision, but both are free under federal law and can provide added protection. A fraud alert requires lenders to take extra steps to verify your identity before opening new credit, while a freeze blocks most new credit checks unless you temporarily lift it. If you are concerned about identity theft, many consumer protection agencies recommend at least a fraud alert, and in some cases a freeze, especially when Social Security numbers are involved.

How much does it cost to have Strauss Borrelli PLLC review my situation?

There is no charge for an initial consultation with Strauss Borrelli PLLC about this incident. The firm typically handles data-incident and privacy cases on a contingency-fee basis, meaning attorneys’ fees are only collected if there is a monetary recovery. You can discuss the specific fee arrangement and any potential costs during your free case evaluation.