Back to Blog
high severity January 27, 2026 · scope unconfirmed

newkirklaw.com Listed by incransom Ransomware Group

Newkirk Zwagerman, P.L.C. is a law firm based in Des Moines, specializing in employment law and advocating for employees' rights. They provide legal services to individuals facing discrimination, harassment, and retaliation in the workplace, as well as those involved in executive employment disputes and Title IX actions. The firm serves clients in Iowa and Minnesota, offering personalized legal representation to help employees navigate complex employment issues. With a commitment to fairness and accountability, Newkirk Zwagerman, P.L.C. empowers clients to stand up against larger corporate ent

⚠ Were you affected?
Free email scanner — we check your address against 15.4B+ leaked records in 15 seconds.
Run free scan →
Severity High
Disclosed January 27, 2026
Affected Unconfirmed
Data exposed Internal files exfiltrated in ransomware attack

On January 27, 2026, the Des Moines-based employment law firm Newkirk Zwagerman, P.L.C. appeared on the leak site of the ransomware group Incransom. Public reporting indicates the firm’s internal files were exfiltrated during a ransomware attack, although the exact number of people whose information was taken remains unknown.

Confirmed Details of the Breach

Available reporting describes the incident as a classic ransomware operation in which attackers gained access to the firm’s systems, encrypted data, and then exfiltrated files before demanding payment. The data exposed consists of internal files that a law firm of this type would typically hold: client records, employment dispute documentation, correspondence, and potentially sensitive personal details of individuals who sought legal help for discrimination, harassment, retaliation, or Title IX matters. The leak site listing carries the date January 27, 2026, and the firm has not yet issued a public statement confirming the volume or exact nature of the stolen data.

Newkirk Zwagerman specializes in representing employees across Iowa and Minnesota. Its clients include people who have brought claims against employers, executives in contract disputes, and students or staff involved in educational equity cases. Any of those individuals could now find their names, contact information, case notes, or financial details circulating on dark-web forums.

Why This Matters for You and Your Family

When a law firm that handles highly personal workplace and civil-rights matters is breached, the people most at risk are ordinary clients like you or members of your family. A single leaked employment complaint can contain your home address, phone number, email, Social Security number, salary history, medical information related to harassment claims, or details about children involved in school-related Title IX cases. Once that information leaves the firm’s controlled environment, it can be sold, traded, or used to open accounts in your name, file fraudulent tax returns, or pressure you for additional money.

Client records from employment cases are especially damaging because they often link family members together. A parent’s discrimination lawsuit might reference a child’s school records or a spouse’s employer. This creates a single point of failure that can affect everyone living at the same address.

The Doxxing and Identity-Chain Implications

Ransomware leaks rarely stop at one company’s files. Attackers and subsequent buyers frequently cross-reference the stolen data with information from earlier breaches. A seemingly minor email address found in the Newkirk Zwagerman files can be chained to gaming accounts, social-media handles, or old shopping-site passwords. This is exactly how doxxing campaigns begin: one document leads to a username, which leads to a linked phone number, which leads to public records that reveal your full home address and family relationships.

Credential leaks like this one cascade into account takeovers. If you or your children reuse any password that appears in the exfiltrated files, an attacker who obtains the Newkirk data can test those credentials across email, banking, and gaming platforms. Children’s gaming accounts are frequent targets because they often use family email addresses and contain chat logs that reveal even more personal details.

Incransom’s Publicly Known Track Record

Public reporting attributes Incransom with emerging in late 2024 as a double-extortion ransomware operation. The group is known for targeting mid-sized professional-services firms, including legal practices, medical offices, and accounting companies. Notable prior victims include other law firms and healthcare providers whose client files were published after ransom demands went unpaid. Their typical playbook involves initial access through phishing or exploited remote-desktop services, followed by exfiltration of sensitive folders, encryption of systems, and then posting samples on their leak site with countdown timers. They usually give victims a short window—often seven to fourteen days—before releasing additional batches of data.

What to do

  • Run a DoxxScan to map every link between your handles, emails, phone numbers, and real identity so you can see exactly what the Newkirk Zwagerman files may have exposed about you or your family.
  • Rotate the password used at any service mentioned in the breach anywhere it is reused, and switch on 2FA through an authenticator app rather than text messages.
  • Enable continuous DoxxScan monitoring across 15.4B+ breach records and 100+ platforms so the next time your information appears it is caught in hours instead of months.
  • Cover the household with DoxxScan family coverage that extends to dependents and children’s gaming accounts that often chain back to the same addresses and emails.
  • Let remediation specialists handle takedown requests across data brokers and leak sites for you while you focus on securing accounts and talking with your family about what information should never be shared online.

The Newkirk Zwagerman breach is a reminder that even organizations you trust to protect sensitive personal stories can become gateways for identity theft and harassment. Taking concrete steps now limits how far attackers can travel down the identity chain that begins with this leak. DoxxScan by GalaxyWarden delivers continuous monitoring across 15.4 billion breach records and more than 100 platforms, AI-powered identity-chain mapping that connects scattered online handles to real-world identities, and hands-on remediation by specialists who manage takedowns so you do not have to. Its household coverage also protects children’s gaming accounts that frequently become the next link in doxxing campaigns.

Share this Post on X Reddit Email
Why this isn’t just another breach checker

A breach leaks your credentials. Then hackers chain those credentials to your address, family, phone, and employer using public broker sites. We’re the only tool built around that chain.

Free checker Tells you the breach happened. End of story. You’re still on 800+ broker sites.
$129+/yr Broker-removal services scrub the address but don’t see the breach — next leak re-exposes you.
GalaxyWarden Maps the chain. Cleans both halves. $19 one-shot. Closed loop.

⚠ Were you in this breach?

Free email scanner. We check your address against 15.4B+ leaked records in 15 seconds — then show you the $19 cleanup that removes you from the broker sites aggregating leaked data.

Check my email — free →
Close the chain attack

Both halves of the chain, cleaned once.

A breach put your credentials in 15.4B+ leaked records. Hackers chain that data to your address on 800+ broker sites. GalaxyWarden closes both halves for $19 once — no subscription required.

Clean both halves — $19 →
Free breach scan + 800+ broker letters + 30-day proof · one payment, no subscription
W Warden Plus — ongoing monitoring $9.99/mo
Warden Plus ($9.99/mo or $99/yr): weekly re-scans, breach alerts, AI Concierge, auto re-files on relisted brokers.