Don't miss the launch of Risk Automations and Vendor Onboarding Portal
Watch recording
News
Data breach reported for Cyrus D. Mehta & Partners
BlogBreachesResourcesNews
Data breach reported for Cyrus D. Mehta & Partners

Data breach reported for Cyrus D. Mehta & Partners

UpGuard Team
UpGuard Team
February 25, 2026

Key facts: Cyrus D Mehta & Partners PLLC data breach

  • Date reported: February 23, 2026.
  • Unauthorized access identified: May 11, 2025.
  • Target entity: Cyrus D Mehta & Partners PLLC (cyrusmehta.com).
  • Source of breach: Unknown, unauthorized third-party.
  • Data types: Addresses, demographic details, dates of birth, Social Security numbers, and government identification (such as passport numbers).
  • Status: Confirmed; the firm discovered suspicious activity in May 2025 and issued official notice letters on February 23, 2026.
  • Severity: Medium; involves the potential removal of sensitive personal identification data by an unauthorized party.

Start continuous breach monitoring with UpGuard.

What happened in the Cyrus D Mehta & Partners PLLC data breach?

Cyrus D Mehta & Partners PLLC (cyrusmehta.com) disclosed a data incident on February 23, 2026. The breach involved unauthorized access to the firm's internal systems, which was first discovered on or around May 11, 2025. No specific threat actor has been linked to the attack at this time.

The incident resulted in the potential exposure of sensitive information related to individuals who received immigration services. The compromised data includes addresses, demographic details, dates of birth, Social Security numbers, and various forms of government identification. This medium-severity incident highlights the risks associated with unauthorized system access. While the firm has not found evidence of misuse, such events typically pose risks of identity theft and targeted phishing attacks.

Who is behind the incident?

The attacker or cause of the incident has not been identified.

Impact and risks for Cyrus D Mehta & Partners PLLC customers

For those affected, the exposure of Social Security numbers and government identification presents a risk of identity theft and credential abuse. Individuals may also face increased phishing attempts or fraudulent financial activity. Because demographic information and addresses were also involved, malicious actors could potentially use this data to build sophisticated social engineering profiles.

Such incidents often lead to long-term monitoring requirements for victims; affected individuals should consider freezing credit reports and enabling fraud alerts. Maintaining transparency about the scope of the breach helps users take timely protective actions to mitigate these potential consequences.

How to protect against similar security incidents

Get instant alerts when your data appears on the dark web.

Frequently Asked Questions

What happened in the Cyrus D Mehta & Partners PLLC security breach?

On February 23, 2026, Cyrus D Mehta & Partners PLLC (cyrusmehta.com) disclosed a security breach. According to initial reports, the firm experienced unauthorized access to its systems, potentially exposing personal data belonging to individuals who utilized their immigration services.

When did the Cyrus D Mehta & Partners PLLC breach occur?

The Cyrus D Mehta & Partners PLLC breach was publicly reported on February 23, 2026. The exact date of the attack has not been disclosed, though the firm discovered the unauthorized access on or around May 11, 2025.

What data was exposed?

The types of data involved in the Cyrus D Mehta & Partners PLLC incident include addresses, demographic information, dates of birth, Social Security numbers, and government identification.

Is my personal information at risk?

If you interacted with Cyrus D Mehta & Partners PLLC, there's a possibility your personal information could be affected. Similar incidents often involve email addresses, login details, or financial records. Stay alert for updates and take precautionary measures to secure your accounts.

How can I protect myself after this data breach?

  • Change passwords and use a password manager.
  • Enable multi-factor authentication (MFA) on all sensitive accounts.
  • Monitor financial and credit reports for suspicious activity.
  • Be cautious of unsolicited communications or phishing attempts.
  • Utilize breach monitoring tools to track data exposure.
  • Monitor your "MyUSCIS" or immigration portal accounts for any unauthorized changes or suspicious communications.
  • Report lost/stolen passports if you believe your specific passport number is being misused,

What steps should companies take after being impacted by this breach?

To address the incident, Cyrus D Mehta & Partners PLLC has worked to secure its systems and enhance existing security measures. Companies in this position typically notify affected parties, provide guidance on protective actions, and deploy attack surface management tools to prevent future unauthorized access.

How secure is Cyrus D. Mehta & Partners PLLC?

Cyrus D. Mehta & Partners PLLC (cyrusmehta.com) is a prominent U.S. immigration law firm based in New York City.
  • Check icon
    View our free preliminary report on Cyrus D. Mehta & Partners PLLC’s security posture
  • Check icon
    13 risk factors, including email security, SSL, DNS health, open ports and common vulnerabilities
View Cyrus D. Mehta & Partners PLLC's score
View score
https://cyrusmehta.com
Security ratings
Deliver icon

Sign up for our newsletter

UpGuard's monthly newsletter cuts through the noise and brings you what matters most: our breaking research, in-depth analysis of emerging threats, and actionable strategic insights.

Latest news

Stay up-to-date with the latest news in cybersecurity.
Payload Claims Data Breach on Royal Bahrain Hospital (RBH)

Payload Claims Data Breach on Royal Bahrain Hospital (RBH)

A data breach involving Royal Bahrain Hospital was reported in March 2026. See incident details, impact on customers, and recommended security measures.
UpGuard Team
UpGuard Team
March 16, 2026
Gov.Uk Suffers Data Leak

Gov.Uk Suffers Data Leak

A data breach involving GOV.UK was reported in March 2026. See incident details, impact on customers, and recommended security measures.
UpGuard Team
UpGuard Team
March 16, 2026
Data breach reported for Earthbound Holding

Data breach reported for Earthbound Holding

A data breach involving Earthbound Trading was reported in March 2026. See incident details, impact on customers, and recommended security measures.
UpGuard Team
UpGuard Team
March 12, 2026
Data breach reported for Health Dimensions Group

Data breach reported for Health Dimensions Group

A data breach involving Health Dimensions Group was reported in March 2026. See incident details, impact on customers, and recommended security measures.
UpGuard Team
UpGuard Team
March 11, 2026
Data breach reported for OSI Systems

Data breach reported for OSI Systems

A data breach involving OSI Systems was reported in March 2026. See incident details, impact on customers, and recommended security measures.
UpGuard Team
UpGuard Team
March 11, 2026
Michelin Data Breach Due to Oracle EBS Exploit

Michelin Data Breach Due to Oracle EBS Exploit

A data breach involving Michelin was reported in March 2026. See incident details, impact on customers, and recommended security measures.
UpGuard Team
UpGuard Team
March 11, 2026
View all news
UpGuard customer support teamUpGuard customer support teamUpGuard customer support team

Protect your organization

Get in touch or book a free demo.
Contact sales
Free demo
Free instant security score

How secure is your organization?

Request a free cybersecurity report to discover key risks on your website, email, network, and brand.
  • Check icon
    Instant insights you can act on immediately
  • Check icon
    Hundreds of risk factors including email security, SSL, DNS health, open ports and common vulnerabilities
Free score
Website Security scan resultsWebsite Security scan rating