Riddell Law Group Data Breach

On October 16, 2025, Riddell Law Group detected suspicious activity within its network environment, prompting an immediate shutdown of affected systems. Riddell engaged IT professionals and a specialized third‑party cybersecurity firm to investigate the incident and determine its scope. The forensic investigation was completed on November 11, 2025, confirming that an unauthorized actor accessed certain files within Riddell’s network.

Riddell states it takes the privacy and security of personal information seriously and has implemented steps to prevent similar events in the future. As part of its notification obligations, Riddell provided formal notice to affected individuals and regulatory authorities. According to the notice, 19,596 individuals were potentially impacted. Notification letters were mailed on February 12, 2026.

Riddell Law Group, founded in 1990 and led by board-certified attorney Cynthia Riddell, is a Sarasota, Florida-based firm specializing in residential and commercial real estate, title insurance, estate planning, and probate. With locations in Sarasota, Venice, and Lakewood Ranch, they provide legal services for property transactions and related matters. 

Following discovery of the incident, Riddell implemented additional safeguards and security measures, including mandatory MFA, password resets, and enhanced internal cybersecurity practices. The firm also offered 12 months of complimentary credit monitoring and identity theft restoration services through Cyberscout, a TransUnion company.

If you received a Data Breach notification letter from Riddell Law Group, it confirms that your personal information may have been accessed and/or acquired by an unauthorized party.

What information is involved in the Riddell Law Group Data Breach?

Compromised information may include:

Your Personally Identifiable Information (PII) includes sensitive data that can be used to identify you, commit fraud, or enable identity theft. Unauthorized access to information such as SSNs, financial account data, and government ID numbers places individuals at high risk of criminal misuse—often months or even years after the incident.

If Protected Health Information (PHI) was involved, the exposed data may include medical information protected under HIPAA and state privacy laws. PHI exposure increases the risk of medical fraud, insurance fraud, and unauthorized use of confidential health data.

Riddell states it is not aware of any actual or attempted misuse of affected personal information to date. However, exposure of this category of data is considered high‑risk under state and federal privacy laws.

Residents of California benefit from enhanced privacy protections under the California Consumer Privacy Act (CCPA), which provides additional rights regarding the collection, storage, and protection of personal information. California residents may also have additional legal remedies when personal data is compromised in a breach.

If your data has been exposed, it is essential to promptly enroll in offered identity protection services and monitor your financial accounts, credit reports, and legal records for suspicious activity.

Contact the Data Breach Attorneys at Emery | Reddy today for a Free Case Review.