Cyberattacks on financial service providers are no longer isolated events. In recent years, tax preparation companies, accounting software vendors and data brokers have all found themselves in the crosshairs of increasingly aggressive ransomware gangs. These attacks don’t just disrupt operations but also expose deeply personal financial information that can fuel identity theft, fraud and long-term reputational damage.

Now, Optima Tax Relief, one of the most prominent tax resolution firms in the U.S., has joined that growing list. A ransomware group called Chaos claims to have breached Optima’s systems, stealing 69 GB of data before encrypting internal servers.

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join.

Customer case files and personal information exposed

The data stolen in the attack includes what appears to be corporate documents and sensitive customer case files. Tax documents are especially valuable to cybercriminals. They often contain Social Security numbers, home addresses, phone numbers and other identifiers that can be used to commit financial fraud or impersonation.

Sources familiar with the incident told BleepingComputer this was a double-extortion attack. That means Chaos not only stole the data but also encrypted Optima’s systems, presumably demanding a ransom in exchange for access and non-disclosure. The firm has not yet commented publicly on whether it plans to pay the ransom or notify affected individuals.

TESLA DOXXING ATTACKS WRONGLY TARGET NONOWNERS ACROSS AMERICA

The attackers listed Optima on their leak site earlier this week. While the full dataset has not been published, the leak already raises concerns over regulatory compliance and consumer protection, especially given the sensitive nature of the firm’s work.

Optima Tax Relief has not released an official statement regarding the breach. There has been no confirmation about whether law enforcement or federal agencies are involved in the investigation. If you’ve ever used its services, assume your data could be at risk.

We reached out to Optima Tax Relief for a comment but did not hear back before our deadline.

DOUBLECLICKJACKING HACK TURNS DOUBLE-CLICKS INTO ACCOUNT TAKEOVERS

A new ransomware group with high-value targets

Chaos ransomware first emerged in March 2025, when it claimed responsibility for five separate breaches. The group is not connected to the “Chaos ransomware builder,” a DIY toolkit that’s been in circulation since 2021. Instead, this version of Chaos is believed to be run by a coordinated team that is strategically targeting organizations with access to large amounts of personally identifiable information.

Optima is not the only high-profile victim. In May, Chaos claimed to have breached the Salvation Army, though the organization has not publicly confirmed the attack or responded to media inquiries.

MALWARE EXPOSES 3.9 BILLION PASSWORDS IN HUGE CYBERSECURITY THREAT

6 ways you can stay safe from Optima data breach

If your information was part of the Optima breach or any similar one, it’s worth taking a few steps to protect yourself.

1. Consider identity theft protection services: Since the Optima data breach exposed personal and financial information, it’s crucial to stay proactive against identity theft. Identity theft protection services offer continuous monitoring of your credit reports, Social Security number and even the dark web to detect if your information is being misused. See my tips and best picks on how to protect yourself from identity theft.

2. Monitor your accounts and transactions: The Optima data breach might have revealed bank details to attackers, which means they can misuse those details to steal your money. You should check your online accounts and transactions regularly for any suspicious or unauthorized activity. If you notice anything unusual, immediately report it to the service provider or authorities. You should also review your credit reports and scores to see if there are any signs of identity theft or fraud. To report identity theft, visit the FTC’s IdentityTheft.gov.

3.  Contact your bank and credit card companies: Since Optima hackers might have obtained bank and credit card information, they could use it to make purchases or withdrawals without your consent. You should inform your bank and credit card companies of the situation. They can help you freeze or cancel your cards, dispute any fraudulent charges and issue new cards for you. You should also contact one of the three major credit reporting agencies — Equifax, Experian or TransUnion — and request a fraud alert to be placed on your credit file. This will make it more difficult for identity thieves to open new accounts in your name without verification.

4. Use personal data removal services: The data breach leaks loads of information about you, and all this could end up in the public domain, which essentially gives anyone an opportunity to scam you. One proactive step is to consider personal data removal services, which specialize in continuously monitoring and removing your information from various online databases and websites. Check out my top picks for data removal services here. 

Get a free scan to find out if your personal information is already out on the web.

5. Have strong antivirus software: Optima hackers most likely have people’s email addresses and full names, which makes it easy for them to send you a phishing link that installs malware and steals all your data. These messages are socially engineered to catch them, and catching them is nearly impossible if you’re not careful. However, you’re not without defenses.

The best way to safeguard yourself from malicious links is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.

6. Enable two-factor authentication: While passwords weren’t part of the data breach, you still need to enable two-factor authentication (2FA). It gives you an extra layer of security on all your important accounts, including email, banking and social media. Two-factor authentication requires you to provide a second piece of information, such as a code sent to your phone, in addition to your password when logging in. This makes it significantly harder for hackers to access your accounts, even if they have your password. Enabling 2FA can greatly reduce the risk of unauthorized access and protect your sensitive data.

Kurt’s key takeaway

The Optima breach is not an isolated event, but part of a larger failure to adapt to the sophistication of modern ransomware groups. When companies with access to tax and identity data are compromised, it’s not just an internal issue; it becomes a national one. For an industry built on trust, breaches like this erode public confidence in systems that are already strained. Attacks like these raise fresh concerns about the cybersecurity preparedness of companies that handle tax and financial data. Unlike login credentials or email addresses, stolen tax information cannot be easily reset. For victims, the consequences of such a breach could stretch across years.

Do you think finance companies are investing enough in their cybersecurity infrastructure? Let us know by writing to us at Cyberguy.com/Contact. 

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter

Ask Kurt a question or let us know what stories you’d like us to cover

Follow Kurt on his social channels

Answers to the most asked CyberGuy questions:

New from Kurt:

Copyright 2025 CyberGuy.com.  All rights reserved.