Pena Briones McDaniel Breach Exposes 34GB of Data

On April 15, 2025, Pena Briones McDaniel & Co, a full-service accounting firm based in El Paso, Texas, experienced a ransomware attack. The Akira ransomware group claimed responsibility on the dark web, stating they had obtained 34 GB of critical documents from the company.

The attackers claimed responsibility for stealing 34 GB of sensitive corporate data. The breach was first reported on the dark web, where the Akira group posted evidence of their attack on the Tor network.

Exposed information includes names, Social Security numbers, driver's license and state ID numbers, marriage licenses, corporate licenses, contracts, personal passport scans, contact numbers and email addresses of employees and customers, as well as financial data such as audits, payment details and reports.

The firm began notifying affected individuals by mail on Aug. 8, 2025. The total number of impacted individuals has not been released, however is in the thousands.

Pena Briones McDaniel & Co disclosed the data breach to the Massachusetts and Texas Attorney Generals' offices beginning on Aug. 18 and Aug. 19, 2025. The cybersecurity incident was reported to the Maine Attorney General's office on Sept. 16, 2025. Impacted individuals includes 4,180 Texas residents, one in Maine and one in Massachusetts.

Pena Briones McDaniel & Co.'s response

In addition to required state and federal disclosures, the firm is offering 24 months of IDX credit monitoring services to affected individuals.

If you receive a data breach notice from Pena Briones McDaniel & Co, you may want to:

• Sign up for the free IDX credit monitoring services, offered by the firm.
• Monitor your credit reports and financial accounts for any unusual activity.
• Be alert for phishing emails or phone calls that may use your exposed information.
• Consider placing a fraud alert or credit freeze with major credit bureaus.

More information about the accounting firm can be found on the Pena Briones McDaniel & Co. website.