Triple X ransomware operators reportedly stole about 1.5TB of data from the Law Offices US immigrationonline.com in the United States, including 24,900 passport files along with tax forms, ID cards/drivers’ licenses, and other sensitive personal information such as Social Security numbers, banking details, and contact records. The threat actors claim the stolen materials include confidential court case information, private attorney-client emails, and financial/contract documents, with potential leaks affecting U.S. residents and clients. #UnitedStates
Incident Details
- Victim: Law Offices US immigrationonline.com
- Sector: Business Services
- Country: US
- Actor: Triple X
- Source: http://6qqz6m3b6htudohg2mlf5gdcalonxy3sh5g4dix4mpyirjcgelqqufad.onion/immigrationonline.com/
- Discovered: 2026-06-13T10:07:27.122967+00:00
- Published: 2026-05-12T00:00:00+00:00
Information
- Approximately 1.5 terabytes of sensitive data were reportedly exposed from the firm’s systems.
- System overload and outdated software are said to have contributed to the exposure and increased the risk of leaks.
- The compromised material may include confidential court cases, such as lawsuits, complaints, and defense documents not yet filed publicly.
- Financial and banking records may be among the leaked data, including client accounts, contracts, and transaction details.
- Intellectual property materials may also be exposed, such as patents, designs, and private business agreements.
- Private correspondence and email communications between attorneys and clients may be included in the breach.
- Reportedly, 24,900 passport files are among the data at risk.
- Sample records suggest that employee and colleague tax forms are also affected.
- Identity documents, including ID cards and driver’s licenses, may be part of the leaked files.
- Financial, tax, and identity documents can contain full names, home addresses, Social Security numbers, banking details, and contact information.
- The situation was reportedly still reversible at one stage, with an opportunity to contain the damage before publication.
- Despite being aware of the risk to employees’ privacy and security, the company allegedly chose not to prevent the exposure.
- The data is reportedly being offered through a download link on the dark web.
Disclaimer: This post is based on public claims made by the ransomware group "Triple X". I cannot confirm the accuracy of the information. However, I would be happy to share any official statement from the affected organization to provide clarification.