Ransomware victim disclosure
← All victimsHall Estill
Claimed by SilentRansomGroup · listed 9 months ago
Status timeline
- ListedOct 24, 2025
- Data leakeddate unknown
At a glance
- Group
- SilentRansomGroup
- Status
- Data leaked
- Country
- United States
- Listed on leak site
- Oct 24, 2025
About the victim
AI dossier — public-source company profileHall Estill is a full-service law firm founded in 1966 and headquartered in Tulsa, Oklahoma. The firm serves clients ranging from Fortune 500 companies to individuals across a broad range of practice areas. It operates multiple offices across Oklahoma and beyond.
- Industry
- Legal Services
- Address
- 320 South Boston Avenue, Suite 200, Tulsa, Oklahoma 74103, United States
- Employees
- 201-500
- Founded
- 1966
Attack summary
Severity: critical — Hall Estill is a full-service law firm, meaning exfiltrated data almost certainly includes privileged attorney-client communications, confidential legal strategies, PII of clients at scale, and potentially sensitive financial or litigation-related records. Data has been published, confirming exfiltration of regulated and highly sensitive information.SilentRansomGroup claims to have exfiltrated data from Hall Estill, with the disclosure status marked as data_published, indicating stolen data has been released or made available. The specific data types exfiltrated have not been fully enumerated in the truncated post.
Data the group says was taken
AI dossier — extracted from the leak post- Client legal files
- Confidential attorney-client communications
- Personally identifiable information (PII)
- Financial records
- Contracts and agreements
- Employee records
What the group claims
Founded in 1966 in Tulsa, Oklahoma, Hall Estill is a full-service law firm with clients ranging from F…
Source
Indexed 9 months agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

