Class Action Claims DocketWise Exposed Data of 116,000 Immigrants After Six‑Month Notification Lag

Context Immigration case‑management provider DocketWise, operating under 8am LLC, faces a class‑action suit filed by plaintiff Ngozi Emerokwam. The complaint alleges the company breached both legal and equitable duties to safeguard personally identifiable information (PII). The lawsuit seeks damages, injunctive relief, and a jury trial.

Key Facts - The breach allegedly compromised names, Social Security numbers, immigration identifiers, government ID numbers, and usernames for non‑financial accounts. - Plaintiffs claim DocketWise discovered the intrusion in October 2025 but did not begin notifying affected individuals until April 15 2026, a delay of roughly six months. - The complaint describes the company’s actions as “negligent, reckless, and willful,” asserting that the failure to implement reasonable security measures directly enabled the unauthorized access. - Over 116,000 consumers are listed as class members, representing a nationwide group of U.S. residents who used DocketWise’s services. - The plaintiff’s legal team, led by Angelica Gentile of Shamis & Gentile P.A., alleges violations including negligence per se, invasion of privacy, breach of fiduciary duty, and unjust enrichment.

What It Means For security teams, the case underscores the operational risk of delayed breach notification. Under many state data‑breach laws, organizations must inform affected individuals within a reasonable timeframe—often 30 days after discovery. A six‑month lag can expose firms to heightened liability, regulatory penalties, and loss of customer trust.

The breach also highlights the importance of protecting immigration‑related PII, which is a high‑value target for identity‑theft actors. Failure to encrypt data at rest, enforce strong access controls, or monitor for anomalous log‑ins can create exploitable gaps.

Mitigations – What Defenders Should Do 1. Implement Immediate Detection – Deploy endpoint detection and response (EDR) tools that generate alerts for suspicious credential use. Map alerts to MITRE ATT&CK technique T1110 (Brute Force) and T1078 (Valid Accounts). 2. Encrypt Sensitive Fields – Apply field‑level encryption for Social Security numbers and immigration identifiers, using industry‑standard algorithms such as AES‑256. 3. Enforce Multi‑Factor Authentication (MFA) – Require MFA for all administrative and user accounts to mitigate credential‑theft risk. 4. Adopt a 24‑Hour Notification Policy – Establish a breach‑response playbook that triggers notification to affected users and regulators within 24 hours of confirmed compromise. 5. Patch Known Vulnerabilities – Regularly apply security patches, especially for any disclosed CVEs affecting the underlying cloud or database platforms. 6. Conduct Regular Audits – Perform quarterly security assessments, including penetration testing focused on data‑exfiltration pathways.

Looking Ahead Watch for court rulings that could set precedent on notification timelines for cloud‑based SaaS providers handling immigration data.