What is known about the Sax LLP incident
Public summaries indicate that Sax LLP identified unusual activity on its network on or about August 7, 2024. The firm reportedly secured its systems and initiated an internal review to determine whether unauthorized access to data had occurred.
Notification letters were reportedly sent beginning in December 2025, after the review concluded and Sax was able to determine which individuals may have been affected.
As with many professional-services data incidents, early disclosures often focus on confirmation of access rather than detailed forensic findings, and additional information may emerge as investigations continue.
What types of data may be at risk
Summaries of the incident describe potential exposure of sensitive personal information, which may include combinations of the following:
- Full name and date of birth
- Social Security number
- Driver’s license or state identification number
- Passport number
Reports estimate that up to approximately 228,000 individuals may have been affected. Whether your information was involved depends on the contents of any notice you received from Sax LLP.
What to do if you received a Sax LLP breach notice
Preserve records
- Retain the notification letter and any enclosures.
- Save digital copies in a secure location.
- Document the date you received the notice and any actions you take.
Protect your identity
- Consider placing a credit freeze with the major credit bureaus if sensitive identifiers were involved.
- Alternatively, place a fraud alert if you prefer a less restrictive option.
- Monitor bank, credit card, and financial accounts for unusual activity.
Be alert to follow-on scams
- Be cautious of emails or calls offering “breach compensation.”
- Avoid clicking links or providing personal information without independent verification.
- Legitimate organizations do not request full Social Security numbers by email.
From an organizational perspective, incidents like this highlight the importance of maintaining documented privacy programs, tested incident-response plans, and defensible data-handling practices. Many businesses use platforms such as CaptainCompliance.com to operationalize consent management, DSAR workflows, and audit-ready privacy disclosures.
Role of Edelson Lechtzin LLP
Edelson Lechtzin LLP has stated that it is investigating potential claims on behalf of individuals whose personal information may have been compromised in connection with the Sax LLP incident.
Investigations of this nature typically involve reviewing breach notices, identifying impacted data categories, evaluating potential harm such as identity theft or fraud, and determining whether collective legal action may be appropriate.
An investigation alone does not mean litigation has already been filed, but it does indicate that legal options are being evaluated.
About Edelson Lechtzin LLP
Edelson Lechtzin LLP is a U.S.-based class action law firm representing consumers, employees, and investors in complex litigation. The firm focuses on matters involving alleged misconduct that affects large groups of people, where class or collective actions may provide an efficient path to relief.
Practice areas
The firm’s practice areas include securities litigation, ERISA and employee benefits disputes, wage and hour claims, consumer protection matters, and other complex commercial cases. Data breach and privacy matters are often evaluated within this broader consumer-protection framework.
Firm leadership
The firm was founded by Marc H. Edelson and Eric Lechtzin, both experienced litigators with backgrounds in large- scale and high-stakes cases. Public biographies emphasize decades of combined experience and significant recoveries achieved on behalf of clients.
Purpose of breach alerts
Breach alerts are typically issued to inform potentially affected individuals while allowing law firms to gather information needed to assess the scope of an incident, potential claims, and the suitability of class-based litigation.
- Sax LLP reported a cybersecurity incident discovered in August 2024, with notices issued in December 2025.
- Potentially impacted data may include highly sensitive personal identifiers.
- Edelson Lechtzin LLP is investigating possible claims related to the incident.
- Individuals who received notices should act promptly to protect their personal and financial information.
