Back to Blog
high severity March 26, 2026 · scope unconfirmed

Richard J. Hackerman P.A. Listed by pear Ransomware Group

Tax Attorney and Bankruptcy Lawyer in Baltimore

⚠ Were you affected?
Free email scanner — we check your address against 15.4B+ leaked records in 15 seconds.
Run free scan →
Severity High
Disclosed March 26, 2026
Affected Unconfirmed
Data exposed Internal files exfiltrated in ransomware attack

On March 26, 2026, a Baltimore-based law firm specializing in tax and bankruptcy cases appeared on the leak site of the pear ransomware group. Richard J. Hackerman P.A. had its internal files exfiltrated following a ransomware attack, placing sensitive client information at risk of public release.

Confirmed Facts from Reporting

Public reporting indicates the firm’s data was stolen and is now listed for potential publication on the group’s onion site. The breach involves internal files that likely contain client names, financial records, tax documents, Social Security numbers, addresses, and court filings. No exact victim count has been disclosed, and the precise date of initial compromise remains unconfirmed in available reporting. The listing appeared on the pear leak site, which ransomware.live tracks as an active extortion platform.

Why This Matters for You and Your Family

If you have ever worked with a tax attorney, bankruptcy lawyer, or any professional who stores personal financial documents, this incident directly affects you. Tax records and bankruptcy filings often include your full name, date of birth, Social Security number, bank account details, and family member information. Once such data leaves a law firm’s control, it can circulate for years on dark-web markets. Criminals combine it with other leaks to build complete profiles that enable identity theft, fraudulent loan applications, tax-refund scams, or even targeting of your children’s records. Ordinary families who assume their lawyer’s office is secure are now exposed by attacks like this one.

The Doxxing and Identity-Chain Implications

Leaked legal files rarely stay isolated. A single document can link your email address, phone number, home address, and employer. Attackers then search for the same details across gaming platforms, social media, and data-broker sites. This creates an identity chain that leads to doxxing, account takeovers, and harassment. Credential leaks of this nature frequently cascade into gaming account compromises because children and parents often reuse passwords or security questions derived from family legal or financial records. What begins as a law-firm breach can end with a stranger controlling your child’s Roblox, Fortnite, or Discord account and using it to extract further personal information.

What to Do

  • Run a DoxxScan to map every link between your handles, emails, phone numbers, and real identity, then use the included no-subscription cleanup of data-broker listings tied to the breach.
  • Rotate any password you ever used at Richard J. Hackerman P.A. or similar legal services, and enable 2FA through an authenticator app rather than text messages.
  • Enable continuous DoxxScan monitoring across 15.4 billion breach records and more than 100 platforms so the next exposure of your information is caught within hours instead of months.
  • Cover the entire household with DoxxScan family protection, which extends to dependents and children’s gaming accounts that often chain back to the same address or parental email.
  • Let remediation specialists handle takedown requests and negotiations with data brokers on your behalf while you focus on securing accounts at home.

The pear group’s public track record shows it emerged in late 2024 and has targeted mid-sized professional services firms, publishing sensitive client data when ransom demands go unpaid. Public reporting attributes to them a standard playbook of initial access through phishing or remote-desktop vulnerabilities, followed by exfiltration of documents and extortion via leak-site pressure rather than pure encryption. Families should treat every new listing on such sites as a prompt to act, not wait for confirmation that their specific file was released.

Protecting yourself no longer ends with changing a password. A forward-looking approach requires ongoing visibility into where your information surfaces and swift action to break the chains before criminals exploit them. DoxxScan by GalaxyWarden delivers continuous monitoring across 15.4B+ breach records and 100+ platforms, AI-powered identity-chain mapping, hands-on remediation by specialists, and full household coverage that includes children’s gaming accounts. Start your DoxxScan trial today to close the gaps this breach and future ones can create.

Share this Post on X Reddit Email
Why this isn’t just another breach checker

A breach leaks your credentials. Then hackers chain those credentials to your address, family, phone, and employer using public broker sites. We’re the only tool built around that chain.

Free checker Tells you the breach happened. End of story. You’re still on 800+ broker sites.
$129+/yr Broker-removal services scrub the address but don’t see the breach — next leak re-exposes you.
GalaxyWarden Maps the chain. Cleans both halves. $19 one-shot. Closed loop.

⚠ Were you in this breach?

Free email scanner. We check your address against 15.4B+ leaked records in 15 seconds — then show you the $19 cleanup that removes you from the broker sites aggregating leaked data.

Check my email — free →
Close the chain attack

Both halves of the chain, cleaned once.

A breach put your credentials in 15.4B+ leaked records. Hackers chain that data to your address on 800+ broker sites. GalaxyWarden closes both halves for $19 once — no subscription required.

Clean both halves — $19 →
Free breach scan + 800+ broker letters + 30-day proof · one payment, no subscription
W Warden Plus — ongoing monitoring $9.99/mo
Warden Plus ($9.99/mo or $99/yr): weekly re-scans, breach alerts, AI Concierge, auto re-files on relisted brokers.