DocketWise Breach Exposes 143K Immigration Clients' SSNs and Passports

Immigration and legal case management platform DocketWise is notifying over 143,000 people that their sensitive personal information—including Social Security numbers, passport numbers, and medical records—was compromised in a breach involving cloned data repositories. The incident exposes the risks of storing highly sensitive immigration data in cloud-based legal tech platforms.

The breach is particularly concerning given the nature of the exposed information. Immigration clients entrust law firms with their most sensitive documents: passport details, government IDs, health records required for visa applications, and financial information. This data falling into criminal hands creates serious risks beyond typical identity theft.

What Was Compromised

According to filings with the Maine Attorney General, the breach exposed:

• Personal identifiers: Names, addresses, dates of birth
• Government IDs: Social Security numbers, driver's license numbers, passport numbers, other government identification
• Financial information: Bank account numbers, credentials, payment card numbers, tax identification numbers
• Healthcare data: Health insurance policy numbers, medical conditions, and treatment information
• Account credentials: Usernames and passwords for non-financial accounts

This is effectively a complete identity package for each affected individual—everything needed for comprehensive identity theft, fraudulent immigration applications, or targeted extortion campaigns.

How the Breach Occurred

DocketWise stated that a threat actor "cloned using valid credentials" third-party partner repositories. Some of these cloned repositories "were used as a data migration pipeline for the DocketWise application," meaning they contained actual law firm client records rather than just test data or configuration files.

The technical details suggest either credential compromise at a partner organization or insider access. Using "valid credentials" to clone repositories wouldn't trigger the usual security alerts that brute-force or exploitation attacks generate. The attackers knew exactly where to look.

The company hasn't disclosed which partner was compromised or how the credentials were obtained. This gap matters because DocketWise users—immigration law firms—need to understand whether their own credentials or integrations were involved.

Timeline and Scope

• October 2025: DocketWise began investigating the incident
• Early April 2026: Initial filing reported 116,000 affected individuals
• May 2026: Updated count increased to 143,480 affected individuals

The six-month gap between investigation start and public notification raises questions, though complex data breach investigations often require extensive forensics to determine scope. The 23% increase in affected count between filings suggests the company initially underestimated the breach's reach.

Why Immigration Data Is Uniquely Sensitive

Immigration clients face elevated risks when their data is compromised. Beyond standard identity theft concerns:

Immigration fraud: Stolen passport numbers and government IDs can be used to create fraudulent documents or file false immigration applications. Victims may find their identities used by others entering countries illegally, complicating their own future immigration proceedings.

Extortion potential: Undocumented individuals or those with pending immigration cases are particularly vulnerable to extortion. Attackers could threaten to report them to immigration authorities or release sensitive information unless paid.

Medical privacy: Immigration applications often require medical examinations and health records. This information could be used for insurance fraud, discrimination, or blackmail—especially if it reveals sensitive conditions.

Long-term exposure: Unlike credit card numbers, you can't cancel and replace your passport number or immigration history. This data remains sensitive indefinitely.

DocketWise's Response

The company reports that unauthorized access has been terminated and claims "no evidence that the compromised personal information has been published online." Affected individuals are being offered two years of credit monitoring and identity restoration services.

Credit monitoring, while standard, provides limited protection for the type of data exposed here. It won't detect fraudulent immigration applications, medical identity theft, or extortion attempts. Affected individuals should consider placing security freezes with all three credit bureaus and monitoring their immigration records directly with USCIS.

The Legal Tech Security Problem

This breach reflects a broader pattern in legal technology. Law firms handle extraordinarily sensitive client data, yet often rely on third-party platforms without full visibility into those platforms' security practices.

The 2026 Verizon DBIR found that third-party breaches now feature in 48% of all data breaches—a 60% increase from the prior year. Legal tech platforms create additional exposure because they aggregate sensitive data from multiple law firms into centralized systems.

Immigration law firms should review their data handling practices and conduct due diligence on any platforms storing client information. Ask vendors specific questions: Where is data stored? Who has access? What happens during data migrations? How are partner credentials managed?

For affected individuals, the standard advice applies: monitor credit reports, consider security freezes, and watch for any unusual activity related to your immigration status. If you're a client of an immigration law firm that used DocketWise, assume your information may have been exposed even if you haven't received a notification yet.

Frequently Asked Questions

How do I know if my information was compromised?

DocketWise is notifying affected individuals directly. If you've been a client of an immigration law firm that uses DocketWise for case management, contact your attorney to ask whether your records were affected. The company is providing two years of free credit monitoring to those impacted.

What should I do if my passport number was exposed?

Report the potential compromise to your country's passport authority. In the US, you can report passport fraud to the State Department. Consider applying for a new passport—the exposed number will remain in your records but won't be your current document.