Shillen Mackall & Seldon Listed by dragonforce Ransomware Group
Shillen Mackall Seldon Spicer & Fraas is a law firm dedicated to representing personal injury victims primarily in Vermont, New Hampshire, and Florida since 1980. They offer legal services for a wide range of personal injury cases, including car accidents, medical malpractice, and workers' compensation. The firm is committed to providing compassionate legal counsel and fighting for the rights of clients facing physical, emotional, and financial challenges after accidents. With a team of experienced attorneys, they strive to secure maximum compensation for their clients while ensuring a support
Shillen Mackall & Seldon was listed on the DragonForce ransomware leak site on July 15, 2026. The Vermont, New Hampshire, and Florida personal-injury law firm, which has represented clients since 1980, is the latest victim claimed in an active extortion campaign. Anyone who has been a client of the firm, or whose personal-injury case files may have passed through its systems, should assume their information is now in the hands of the attackers.
Confirmed Details from the Listing
The DragonForce leak site states that internal files were exfiltrated during a ransomware attack on Shillen Mackall Seldon Spicer & Fraas. The posting does not quantify how many records were taken, list specific data types, or disclose any ransom demand. It simply confirms that data was stolen and is being held for extortion. The firm has not yet issued a public client notification detailing the breach scope, so the exact volume and sensitivity of exposed information remain unknown to the public.
Why This Matters for You and Your Family
If you or a family member hired the firm after a car accident, workplace injury, or medical incident, sensitive details such as medical records, insurance information, financial data, and personal identifiers may have been taken. Internal files from a plaintiff’s law firm routinely contain full names, dates of birth, Social Security numbers, addresses, phone numbers, employment histories, and extensive medical histories. Exposure of this information creates immediate risk of identity theft, fraudulent loan applications, and targeted scams that reference your specific accident or injury. Because the breach involves a law firm, attorney-client communications and settlement documents could also be included, increasing the chance of embarrassment or further financial exploitation.
Doxxing and Identity-Chain Risks
Ransomware operators rarely stop at one dataset. Once personal details from the firm are released, they can be cross-referenced with other leaks to build complete identity profiles. A phone number taken from the law firm can link to your email, social-media handles, children’s school records, or even gaming accounts. These chains allow attackers to impersonate you, reset passwords on linked services, or sell the compiled dossier on dark-web marketplaces. The longer the data circulates, the harder it becomes to contain the damage.
DragonForce’s Known Track Record
Public reporting attributes DragonForce with emerging in late 2024 as a ransomware-as-a-service operation that provides tools and infrastructure to affiliate groups. The gang has claimed responsibility for attacks on healthcare providers, manufacturers, and professional-services firms. Their typical playbook begins with phishing or exploited remote-access credentials, followed by rapid lateral movement, data exfiltration, and then dual extortion: threatening both data publication and system encryption. The group maintains a leak site that is updated frequently, applying pressure through countdown timers and sample file releases. While the exact success rate is unclear, DragonForce listings have appeared alongside several other prominent ransomware names in recent months.
What to do
- Run a DoxxScan to map every link between your handles, emails, phone numbers, and real identity, with no-subscription cleanup handled by the service.
- Enable continuous DoxxScan monitoring across 15.4B+ breach records and 100+ platforms so the next exposure surfaces in hours rather than months.
- Rotate any password you ever used with Shillen Mackall & Seldon and enable 2FA through an authenticator app on every account where that password was reused.
- Cover the entire household with DoxxScan family protection, which extends to dependents and children’s gaming accounts that often chain back to the same address and personal details.
- Let remediation specialists manage takedown requests for any exposed personal information appearing on data-broker or extortion sites.
The incident underscores that even regional law firms handling sensitive personal-injury matters are now routine targets. Staying ahead requires more than reactive checks; it demands ongoing visibility into how your information travels across the internet. DoxxScan by GalaxyWarden delivers that visibility through continuous monitoring across 15.4 billion breach records and more than 100 platforms, AI-powered identity-chain mapping, hands-on remediation by specialists, and full household coverage that includes children’s gaming accounts vulnerable to credential-stuffing attacks that cascade from breaches like this one. Acting promptly limits what attackers can build from the Shillen Mackall & Seldon data before it spreads further.
Related breaches
Hughes Atwood & Mullaly pllc Listed by dragonforce Ransomware Group
Hughes Atwood & Mullaly PLLC is a full-service law firm that offers professional legal services to i…
Heritage Mechanical LLC Listed by dragonforce Ransomware Group
Built on a family legacy of proud steamfitters dating back to over 100 years, Heritage Mechanical wa…
Northeast Rescue Systems Listed by dragonforce Ransomware Group
Northeast Rescue Systems is a dedicated provider of specialized rescue, safety, and protective equip…
A breach leaks your credentials. Then hackers chain those credentials to your address, family, phone, and employer using public broker sites. We’re the only tool built around that chain.
⚠ Were you in this breach?
Free email scanner. We check your address against 15.4B+ leaked records in 15 seconds — then show you the $19 cleanup that removes you from the broker sites aggregating leaked data.
Check my email — free →