Ransomware victim disclosure
← All victimsLincoln Law
Claimed by Lynx · listed 1 year ago
Status timeline
- ListedAug 1, 2025
- Data leakeddate unknown
At a glance
- Group
- Lynx
- Status
- Data leaked
- Country
- United States
- Listed on leak site
- Aug 1, 2025
About the victim
AI dossier — public-source company profileLincoln Law is a bankruptcy law firm established in 2001 and headquartered in Orem, Utah, with additional offices in California. The firm specializes in consumer bankruptcy and debt relief services, having assisted thousands of families through Chapter 7 and Chapter 13 bankruptcy filings.
- Industry
- Legal Services - Bankruptcy & Debt Relief
- Address
- 921 West Center St. Orem, UT 84057; 1525 Contra Costa Blvd, Pleasant Hill, CA 94523; 24301 Southland Dr Ste 214B, Hayward, CA 94545
- Founded
- 2001
Attack summary
Severity: medium — Data has been published by the threat actor (disclosed_status: 'data_published'), elevating beyond announcement-only. However, no proof files, data inventory, or specifics on exfiltrated content are detailed in the leak post. The firm handles sensitive client financial and personal information (bankruptcy cases), which is regulated, but without confirmation of what was actually taken, severity remains medium rather than critical.The Lynx group claims to have attacked Lincoln Law and published data. No details are provided in the leak post regarding what was encrypted, exfiltrated, or the nature of data at stake.
What the group claims
Established in 2001 and headquartered in Orem, Utah, Lincoln Law is a law firm that focuses on the interests of consumer bankruptcy.
Sources
Source
Indexed 1 year agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

