Sheheen, Hancock & Godwin hit by ransomware attack, exposes data of over 34,000 people

Sheheen, Hancock & Godwin, LLP, a Camden, South Carolina-based public accounting firm is reporting a significant data breach that exposed personal and financial information of approximately 34,599 individuals across multiple states. 

The incident occurred on April 8, 2025 when attackers stole data from the firm's network. The ransomware group LYNX claimed responsibility for the attack on their dark web leak site.

The incident was detected by Sheheen, Hancock & Godwin on May 19, 2025, more than a month after the initial breach. The investigation and review process concluded on September 3, 2025. The compromised information includes:

• Names
• Social Security numbers
• Government identification numbers (including driver's license numbers and passport numbers)
• Taxpayer Identification numbers
• Financial account information
• Dates of birth
• Medical information
• Health insurance information
• Addresses

The firm published a Notice of Data Incident on its website and began mailing notification letters to impacted individuals on September 25, 2025, approximately five and a half months after the breach occurred.

An unusual aspect of the breach is that several people who never did business with Sheheen, Hancock & Godwin received data breach notification letters. This means that their personal information was somehow stored in the firm's systems despite having no direct client relationship.

The firm is offering affected individuals one year of free credit monitoring and identity protection services. The company has set up a dedicated call center at 1-833-844-8187, available Monday through Friday between 8:00 a.m. and 8:00 p.m. Eastern Time, excluding holidays, for individuals with questions or concerns about the breach.