Ransomware victim disclosure
← All victimsMilberg LLP
listed as Milberg · Claimed by Sarcoma · listed 1 year ago
Status timeline
- ListedJul 8, 2025
- Data leakeddate unknown
At a glance
- Group
- Sarcoma
- Status
- Data leaked
- Country
- United States
- Listed on leak site
- Jul 8, 2025
- Data size
- 3 TB
About the victim
AI dossier — public-source company profileMilberg is a law firm operating in the United States that represents clients in litigation matters. The firm operates a website at milberg.com and is among several legal practices targeted in this incident.
- Industry
- Legal Services
Attack summary
Severity: critical — Law firm breach involving exfiltration of 3 TB of data containing confidential client information, attorney-client privileged communications, and sensitive litigation materials. This affects client PII and regulated data across potentially numerous clients at scale.The Sarcoma group claims to have exfiltrated data from Milberg and three other law firms as part of a coordinated attack. The group states that 3 TB of sensitive information was stolen and is being published as proof of compromise.
Data the group says was taken
AI dossier — extracted from the leak post- Client case files
- Legal correspondence
- Financial records
- Attorney work product
- Confidential client information
What the group claims
Why did the ransomware victims' law firm start offering yoga classes? Because they wanted to teach their clients how to stay flexible when dealing with unexpected "attacks"! A law firm that helps ransomware victims got hit themselves? Looks like they have not just clients in hostage, but their own data too! The archive contains data of the following companies: https://thesandersfirm.com/ https://aronovaassociates.com/ https://sgafirm.com/ https://milberg.com/ P.S. We get it, you’re some top-notch lawyers doing everything you can to dodge the fallout with legal tricks, but you still have a shot at a sweet deal for now.Geo: USA - Leak size: 3 TB - Contains: Sensitive information
Source
Indexed 1 year agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

