Data Breach Notification

Mr. Sean Modjarrad,

Roughly 2 terabytes of highly sensitive client data were transferred from your company's servers.

The exposed data includes:

• Social Security Numbers (SSNs)
• Passport numbers
• Confidential legal case files
• Privileged attorney-client communications

This is a direct violation of both federal law and Texas state data protection statutes.

These laws impose strict requirements for handling personally identifiable information (PII), especially SSNs and confidential legal documents. They also carry severe penalties for unauthorized access, transfer, or failure to notify affected parties.

It is important to note that the attack to have been deliberately orchestrated. Your internal systems did detect the initial intrusion, and your team responded by changing login credentials — yet failed to take any action to isolate or secure the file server housing the confidential data. That server was left completely exposed.

The actual exfiltration occurred several days after your cursory attempt to protect client information, which suggests not just a technical oversight but clear operational negligence. Ignoring an active threat while leaving sensitive infrastructure unmonitored is, by every legal and regulatory standard, a breach of duty — and absolutely actionable.

This breach is your responsibility. Your servers were the source, your protocols failed, and your firm now bears the consequences.