Ransomware victim disclosure
← All victimsTodd, Hamaker & Johnson, LLP
listed as About Todd Hamaker & Johnson · Claimed by Akira · listed 3 days ago
Status timeline
- ListedJun 30, 2026
- Data leakeddate unknown
At a glance
- Group
- Akira
- Status
- Data leaked
- Sector
- Business Services
- Listed on leak site
- Jun 30, 2026
About the victim
AI dossier — public-source company profileTodd, Hamaker & Johnson, LLP is a professional tax and accounting firm based in Lufkin, Texas, offering comprehensive services including tax preparation, accounting, audit, and financial guidance to individuals and businesses.
- Industry
- Professional Tax & Accounting Services
- Address
- Lufkin, Texas
Attack summary
Severity: critical — Confirmed exfiltration of regulated PII at scale (passports, SSNs, driver's licenses for multiple clients and employees) plus financial records and confidential business documents. Data volume (40 GB) and regulated data types meet critical threshold.Akira claims to have exfiltrated approximately 40 GB of corporate data, including client and employee personally identifiable information (passports, social security numbers, driver's licenses), detailed financial records, client financials, contracts, and confidential client documents.
Data the group says was taken
AI dossier — extracted from the leak post- Client personal information (passports, SSNs, driver's licenses)
- Employee personal information
- Detailed corporate financials
- Client financial records
- Confidential client documents
- Contracts and agreements
What the group claims
Todd, Hamaker & Johnson, LLP is a professional tax and accounting firm based in Lufkin, Texas, dedicated to providing personalized services to both individuals and businesses. The firm offer s a comprehensive range of services including tax, accounting, audit, and financial guidance. We will upload 40gb of corporate data soon. Lots of client and employee personal information (p assports, SSNs, DLs and other information), detailed financials, client financials and other co nfidential client docs, contracts and agreements, etc.
Source
Indexed 3 days agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

