Ransomware victim disclosure
← All victimsSalvi, Schostok & Pritchard P.C.
Claimed by Frag · listed 1 year ago
Status timeline
- ListedMar 24, 2025
- Data leakeddate unknown
At a glance
- Group
- Frag
- Status
- Data leaked
- Country
- United States
- Listed on leak site
- Mar 24, 2025
- Ransom demanded
- $2.5B
About the victim
AI dossier — public-source company profileSalvi, Schostok & Pritchard P.C. is a Chicago-based personal injury and medical malpractice law firm operating for over 40 years. The firm has recovered over $3.5 billion in verdicts and settlements for clients across Illinois and maintains offices in Chicago and Waukegan.
- Industry
- Legal Services - Personal Injury & Medical Malpractice
- Address
- Chicago, Illinois, United States (multiple offices including Waukegan)
- Founded
- 1984
Attack summary
Severity: critical — Confirmed exfiltration of regulated sensitive data including client medical records, PII at scale (clients and employees), and healthcare-related documents (Medicare records). Law firm handling medical malpractice cases creates heightened exposure of protected health information and personally identifiable information.The frag group claims to have exfiltrated customer medical documents, client and employee contact information, partnership agreements, licenses, contracts, and Medicare documents from the firm's systems.
Data the group says was taken
AI dossier — extracted from the leak post- customer medical documents
- client contact information
- employee contact information
- partnership agreements
- licenses and credentials
- contracts
- Medicare documents
What the group claims
Law Practice Your IL Medical Malpractice and Personal Injury Attorneys. Over $2.5 billion recovered in verdicts and settlements. Our team was successful in extracting the following documents: Customer medical documents Contact information of clients and employees Partnership agreements, licenses and contracts Medicare documents
Sources
- Victim sitesalvilaw.com
Source
Indexed 1 year agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

