Ransomware victim disclosure
← All victimsRSH legal
Claimed by Dan0N · listed 2 years ago
Status timeline
- ListedApr 25, 2024
- Data leakeddate unknown
At a glance
- Group
- Dan0N
- Status
- Data leaked
- Country
- United States
- Sector
- Business Services
- Listed on leak site
- Apr 25, 2024
- Data size
- 6 TB
About the victim
AI dossier — public-source company profileRSH Legal is an Iowa-based personal injury and employment law firm operating across multiple locations (Cedar Rapids, Des Moines, Dubuque). They specialize in car accidents, workers' compensation, nursing home abuse, medical malpractice, wrongful death, and employment law cases, offering contingency-fee representation.
- Industry
- Legal Services – Personal Injury & Employment Law
Attack summary
Severity: critical — Confirmed exfiltration of 6 TB including client personal data (regulated under state privacy laws), employee records, and sensitive financial/legal documents of a law firm. Scale and sensitivity of regulated PII and attorney-client information elevates this to critical.Dan0N claims to have exfiltrated 6 TB of data from RSH Legal, including corporate financial and legal records, employee and partner information, and personal data of clients. The group has published the data.
Data the group says was taken
AI dossier — extracted from the leak post- Financial records
- Legal documents
- Employee information
- Partner information
- Client personal data
What the group claims
The total size of stolen information is 6 TB. This leak contains corporate information of the company: Financial, legal, information on employees and partners. Information on clients: Personal data of
Sources
Source
Indexed 2 years agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

