U.S. tax resolution firm Optima Tax Relief recently suffered a devastating double-extortion attack carried out by the Chaos ransomware gang. The attackers both encrypted internal systems and exfiltrated approximately 69 GB of corporate and customer data. The company calls itself the nation’s leading tax resolution specialist and says it has negotiated over $3 billion in federal and state tax liabilities for its clients. It offers IRS and state tax settlement services to both individuals and businesses.
On June 6, 2025, the Chaos group added Optima Tax Relief to its public data leak site, indicating that the stolen archive contained sensitive documents, including customer case files and internal corporate records. Tax-related documents routinely include personally identifiable information such as Social Security numbers, phone numbers, mailing addresses, and detailed financial histories. Exposure of this information carries a high likelihood of identity theft, targeted phishing campaigns, and other forms of fraud.
Insiders familiar with the incident confirmed that the attackers not only deployed their encryptor across Optima’s production servers but also retained copies of the data as leverage to demand payment.
Chaos ransomware emerged as a distinct threat actor in March 2025, quickly building a reputation for targeting professional services firms and publishing stolen data on its own leak portal. Despite sharing a name with the older ‘Chaos’ ransomware builder from 2021, this operation is entirely separate and has already claimed several high-profile victims, including the Salvation Army.
Optima Tax Relief was contacted for comment but had not responded by press time. Affected clients are urged to monitor their credit reports closely, set up fraud alerts with the major credit bureaus, and consider enrolling in identity-theft protection services to guard against potential misuse of exposed personal information.
Cybersecurity experts recommend that organizations implement robust, immutable backups, enforce strict network segmentation, and maintain up-to-date endpoint protection to defend against both encryption exploits and data exfiltration attempts in future incidents.