Accounting firm Sheheen, Hancock & Godwin this week confirmed it notified more than 34,000 people of an April 2025 data breach that compromised the following personal info:
- Names
- Social Security numbers
- Government-issued ID numbers (e.g. driver’s license, passport)
- Taxpayer ID numbers
- Financial account info
- Dates of birth
- Medical info
- Health insurance info
Five states have so far disclosed breach figures from the April 8, 2025 data breach. The vast majority of victims are in South Carolina, where the firm is based (34,059). The firm also notified 416 people in Texas, 56 in Massachusetts, 49 in Maine, and 19 in New Hampshire, according to those states’ attorneys general.
Ransomware group Lynx took credit for the breach. On its data leak site, Lynx claimed it stole 10 GB of data from Sheheen, Hancock, and Godwin. Lynx gave the firm until April 25, 2025 to pay an undisclosed sum in ransom. Lynx threatened publish the stolen data if the ransom wasn’t paid.
Sheheen, Hancock, & Godwin has not verified Lynx’s claim. We do not know if the firm paid a ransom, how much Lynx demanded, or how attackers breached the firm’s network. Comparitech contacted Sheheen, Hancock, & Godwin for comment and will update this article if it responds.
The notice (PDF) posted by Sheheen does not mention any offer of free credit monitoring or identity theft protection for victims.
Who is Lynx?
Lynx is a spin-off of Inc, another prominent ransomware group. Lynx operates a ransomware-as-a-service scheme in which affiliates pay Lynx to use its malware and infrastructure to launch attacks and collect ransoms. It started listing organizations it claims to have hacked on its data leak site in July 2024.
Lynx has claimed responsibility for 33 confirmed ransomware attacks to date, plus 267 unconfirmed attack claims that haven’t been publicly acknowledged by the targeted organizations.
Lynx’s other recently confirmed targets include Inflite Engineering Services Limited in the UK. The firm notified 3,700 people of a June 2025 breach, including Afghans seeking refuge under the Afghan Relocations and Assistance Policy.
Lynx also claimed attacks on BüchnerBarella Unternehmensgruppe in Germany, which reported a breach in August, and Aceros Inoxidables Olarra in Spain, which reported a breach in September.
Ransomware attacks on US finance
In 2025 to date, Comparitech researchers have logged 26 confirmed ransomware attacks on US financial firms, compromising more than 204,000 records.
Those figures have decreased since the same time last year when we tracked 80 such attacks compromising 36 million records. However, many attacks in 2025 have yet to be confirmed.
Ransomware attacks on US financial firms can lock down computer systems and steal data. The attackers then demand a ransom in exchange for deleting the data and a key to restore infected systems. If the firm refuses, it faces extended downtime, permanent data loss, and putting data subjects at increased risk of fraud.
About Sheheen, Hancock, & Godwin
Sheheen, Hancock, & Godwin is an accounting firm founded in 1959 and based in Camden, South Carolina. Its website says it represents both individuals and corporations.
