Cerenade Data Breach: 100 GB of Sensitive Data Stolen by Ransomware Group

On Oct. 2, 2025, Cerenade, a California-based provider of cloud-based legal and immigration case management software, experienced a data breach affecting documents uploaded to its system.

The breach occurred when the Akira ransomware group, who claimed responsibility for the attack on Oct. 8, 2025, infiltrated Cerenade’s network, compromising and downloading approximately 100 GB of sensitive corporate and client data. The company resolved the threat by Oct. 3, 2025, but the investigation revealed that a number of documents were accessed and downloaded by the unauthorized intruder.

The types of information exposed in this incident included personally identifiable information (PII): names, dates of birth, addresses, Social Security numbers, and passport numbers.

According to the U.S Department of Health and Services, 987 total individuals have been affected, including 535 in Texas and 15 Massachusetts.

Cerenade disclosed the breach to the California Attorney General, the Massachusetts OCABR, and the Texas Attorney General. The company has also disclosed a notice of the incident via PR Newswire.

Impacted individuals have been notified by mail.

Cerenade's response

In response to the breach, Cerenade took steps to secure its environment by locking down its network, updating firewalls and access policies and conducting a forensic investigation to determine the extent of the compromise. The company has since implemented additional safeguards to strengthen data security on its web server infrastructure.

If you receive notification from Cerenade about this breach, you may want to:

• Sign up for the free IDX identity theft protection services, offered by Cerenade.
• Monitor your credit reports and financial accounts for any unusual activity.
• Be alert for phishing emails or phone calls that may use your exposed information.
• Consider placing a fraud alert or credit freeze with major credit bureaus.