A cloud-based immigration case management platform called DocketWise has disclosed a breach affecting 116,666 people — clients of the thousands of US immigration law firms that rely on the software. The data exposed is extraordinarily sensitive: Social Security numbers, passport numbers, medical records, financial details, and immigration case files.
The breach happened in October 2025. DocketWise didn’t start notifying victims until April 3, 2026. That’s roughly six months where affected individuals had no idea their most personal information was compromised.
What Was Stolen
The scope of exposed data reads like a worst-case scenario for privacy. According to breach notifications filed with state authorities, the compromised information includes:
- Full names, addresses, and dates of birth
- Social Security numbers and tax identification numbers
- Passport and driver’s licence numbers
- Financial account numbers, usernames, and access credentials
- Payment card numbers
- Health insurance policy numbers, medical conditions, and treatment information
- Government-issued ID numbers
- Login credentials for non-financial accounts
For immigration clients specifically, this is devastating. Many of these individuals are in vulnerable legal situations, and the combination of passport data, immigration case details, and Social Security numbers creates serious risks — from identity theft to potential exploitation.
How It Happened
DocketWise says an unauthorised actor used valid credentials to clone third-party partner repositories that were part of the company’s data migration pipeline. Data migration pipelines often contain raw, unstructured data that lacks the encryption and access controls applied to production databases. The attacker didn’t need to crack encryption or exploit a zero-day vulnerability — they walked in with a working key.
This is a pattern that should alarm anyone who stores sensitive data in cloud platforms. When companies move data between systems, those in-between stages can become blind spots — repositories holding unprotected copies of information that would otherwise sit behind layers of security.
Six Months of Silence
The notification timeline is arguably as concerning as the breach itself. DocketWise discovered the unauthorised access in October 2025 but didn’t begin contacting affected individuals until April 2026. During those six months, 116,666 people had no opportunity to freeze their credit, monitor their accounts, or take any protective action.
Multiple US states have breach notification laws requiring disclosure within 30 to 60 days of discovery. Class action attorneys at Schubert Jonckheer & Kolbe and Bryson Harris Suciu & DeMay are now investigating whether DocketWise violated these requirements. A class action lawsuit appears likely.
Why This Matters for Cloud Trust
DocketWise is exactly the kind of specialised SaaS platform that professionals trust implicitly. Immigration attorneys store their clients’ most sensitive information there because the alternative — paper files and spreadsheets — is impractical. That trust came with an assumption that the data would be properly protected.
This breach exposes a recurring problem with cloud-hosted professional services: the data they hold is extraordinarily sensitive, but their security practices don’t always match. A data migration pipeline with valid credentials floating around and no apparent monitoring for unusual access is a fundamental security failure, not a sophisticated attack.
The lesson is straightforward. When you hand data to a cloud service, you’re trusting not just their production security but every system that data touches — migration pipelines, backups, partner integrations, staging environments. Any of those can become the weakest link.
What Affected Individuals Should Do
If you received a notification from DocketWise, or if you’ve used an immigration law firm that relies on their platform:
- Freeze your credit with all three bureaus (Equifax, Experian, TransUnion) immediately. This is free and prevents anyone from opening new accounts in your name.
- Monitor your financial accounts for unfamiliar transactions. Set up alerts with your bank.
- Change passwords for any accounts that might share credentials with those exposed in the breach.
- Watch for phishing — attackers who have this level of personal detail can craft extremely convincing scams targeting you by name with accurate personal information.
- Consider an identity monitoring service. Check whether DocketWise is offering credit monitoring to affected individuals.
When a service trusted with your most personal data fails to protect it — and then fails to tell you about it for six months — it’s a reminder that choosing where your data lives is one of the most consequential privacy decisions you can make.