A threat actor claims to have breached and is selling raw data from the Massachusetts Prisoners’ Legal Services Organization (PLS). PLS is a Massachusetts-based nonprofit organization, funded by state and federal grants, that defends prisoners’ rights and provides legal services to incarcerated individuals.
The actor posted samples of the data, which appear to be from mid-2025, to prove their claims.
According to the threat actor, the compromised data dump includes a wide range of highly sensitive information. The allegedly stolen files include:
- Bank statements
- Personal Information (PII)
- Social Security Numbers (SSN)
- IOLTA accounts
- Government grants
- Internal operations data
- Employee information
- Internal emails
- Insurance invoices (BCBS)
- Payroll and HRA funding details
