The Wacks Law Group, a Whippany, New Jersey estate planning law firm with only six attorneys, was attacked by the Qilin ransomware group on March 9, 2024. Sensitive client data including Social Security numbers, driver’s licenses, and confidential estate planning documents was exfiltrated. The firm waited five months — until August 2024 — before notifying victims, triggering a class action lawsuit alleging negligence. Victims received 12 months of credit monitoring, which plaintiffs argued was inadequate given the sensitivity of the stolen data (estate planning files often contain highly personal financial and family information). The case highlights the outsized cybersecurity risk faced by small law firms that handle sensitive personal data but lack dedicated security resources.