07.04.2026 11:45

A significant security incident has come to light involving DocketWise, a technology firm specializing in immigration management software, resulting in the exposure of personal information for over 116,000 individuals. According to official documentation submitted to the Maine Attorney General’s Office, the breach originated from unauthorized access to a repository managed by one of the company’s third-party partners, where user login credentials were stored.

The timeline of the incident reveals a critical delay between compromise and discovery. While the illicit access is believed to have commenced on September 1, 2025, the breach was not identified until February 19, 2026, a five-month window during which data may have been vulnerable. This prolonged period underscores the challenges in detecting sophisticated, low-and-slow cyber intrusions within complex vendor ecosystems.

Preliminary findings indicate that the compromised data trove is exceptionally sensitive, extending beyond basic contact details. Exposed information is reported to include full names, Social Security numbers, and other personally identifiable information commonly required for immigration processes. The nature of this data elevates the risk for affected individuals, potentially opening avenues for identity theft, fraud, and other malicious exploitation.

This event highlights the pervasive threat of supply chain attacks, where cybercriminals target weaker links in a service provider’s network to access the primary target’s data. For a company handling the intricate and confidential details of immigration cases, the breach raises serious questions about data stewardship, third-party vendor oversight, and the protocols in place to monitor external repositories. Internet sources indicate that notifications to impacted individuals are now underway as part of the mandatory regulatory response.