Chaos Ransomware Targets Optima Tax Relief in Major Data Breach


Optima Tax Relief, a major U.S. tax resolution firm, has been hit by a Chaos ransomware attack. The incident resulted in the theft of 69 gigabytes of data, now exposed on the attackers’ public leak site. The gang also encrypted internal servers; stealing data and encrypting systems in the same attack is the double-extortion tactic.

This breach affects both internal operations and clients, many of whom have shared sensitive tax documents with the company. These files often include Social Security numbers, addresses, financial records, and personal contact details—information that can easily be exploited for fraud or identity theft.

Founded to help resolve federal and state tax liabilities, Optima claims to have handled over $3 billion in client tax issues. That reputation is now under scrutiny as the company navigates the fallout from this severe cybersecurity breach.

A Rising Threat: Chaos Ransomware Gains Momentum

The Chaos ransomware group emerged in March 2025 and has already claimed multiple victims. Their latest breaches include high-profile targets like Optima Tax Relief and reportedly the Salvation Army. The gang’s tactics suggest a coordinated and professional-level operation, separate from the older “Chaos ransomware builder” linked to amateur phishing kits.

This new variant of Chaos ransomware focuses on corporate disruption and data exposure, weaponizing sensitive information to increase pressure on victims. By encrypting systems and leaking data, the group pushes for fast ransom payments.

Eye World continues to monitor this threat actor’s behavior and advises all organizations—especially those handling personal financial data—to strengthen endpoint protection, maintain offline backups, and conduct regular cyber resilience assessments.

Limited Response from Optima Tax Relief

So far, Optima Tax Relief has not issued a detailed statement on the attack. Sources close to the matter confirm internal disruptions and active investigation efforts. As of now, no timeline has been provided for system recovery or notification to affected clients.

This incident highlights the increasing risks facing financial service providers and underscores the importance of proactive cybersecurity measures. Organizations working with sensitive personal data must prioritize early threat detection, zero-trust network architecture, and staff awareness training.

Eye World will provide updates as more verified information becomes available.
