Cerenade Data Breach: 100 GB of Sensitive Data Stolen

On Oct. 2, 2025, Cerenade, a California-based provider of cloud-based legal and immigration case management software, experienced a significant data breach affecting documents uploaded to its system.

The breach occurred when the Akira ransomware group infiltrated Cerenade’s network, compromising and downloading approximately 100 GB of sensitive corporate and client data. The stolen documents included scanned client records such as passports, visas and documents from clients in the United States, India, Mexico, the Middle East, Japan and other countries.

The company resolved the immediate threat by Oct. 3, 2025, but the investigation revealed that a limited number of documents were accessed and downloaded by the unauthorized intruder. The types of information exposed in this incident included personally identifiable information (PII): names, dates of birth, Social Security numbers and passport numbers.

The Akira ransomware group publicly claimed responsibility for the attack on Oct. 8, 2025, posting on the Tor network that they had obtained the data. As of now, Cerenade has not disclosed the exact number of individuals affected, but the breach’s scope is considered severe given the nature of the information compromised and the international reach of the documents involved.

Cerenade disclosed the breach to the California Attorney General’s office on Jan. 2, 2026. Impacted individuals have been notified by mail.

Cerenade's response

In response to the breach, Cerenade immediately took steps to secure its environment by locking down its network, updating firewalls and access policies and conducting a forensic investigation to determine the extent of the compromise. The company has since implemented additional safeguards to strengthen data security on its web server infrastructure.

If you receive notification from Cerenade about this breach, you may want to:

• Sign up for the free IDX identity theft protection services, offered by Cerenade.
• Monitor your credit reports and financial accounts for any unusual activity.
• Be alert for phishing emails or phone calls that may use your exposed information.
• Consider placing a fraud alert or credit freeze with major credit bureaus.