Optima Tax Relief Experiences Ransomware Incident Resulting in Data Breach
U.S. tax resolution firm Optima Tax Relief has recently fallen victim to a Chaos ransomware attack, resulting in the exposure of sensitive data. The attackers have claimed responsibility for the breach and confirmed that approximately 69 GB of data has been stolen from the organization.
Optima Tax Relief is recognized as a prominent entity in the U.S. tax resolution sector, primarily assisting individuals and businesses in navigating federal and state tax challenges. The firm asserts its status as the leading tax resolution firm in the nation, boasting a resolution of over $3 billion in tax liabilities for its clients.
The Chaos ransomware group has included Optima Tax Relief on its data leak site, continuing a trend of high-profile breaches. The leaked data reportedly contains critical corporate information along with customer case files. Tax documents often include sensitive personal data, including Social Security numbers, phone numbers, and addresses, which can be exploited for identity theft or other malicious activities.
Industry sources indicate that this incident represents a double-extortion attempt, where the perpetrators have not only encrypted critical server data but also exfiltrated sensitive information from the firm.
Chaos ransomware is a relatively new player in the ransomware landscape, emerging in March 2025. The group initially gained attention by announcing its first victims on its data leak platform.
This ransomware operation should not be conflated with The Chaos ransomware builder, which has been in circulation since 2021 and has facilitated various phishing and malware campaigns through its branded encryptors.
In addition to targeting Optima Tax Relief, the Chaos group has also claimed responsibility for breaching the Salvation Army. The latter did not provide any response when approached for comments regarding the breach.
Efforts to reach out to Optima Tax Relief for further clarification on the attack have been made, with an intention to update the information as responses are received.