The Washington Attorney General's Office reported a data breach involving R. R. Donnelley & Sons Company (RRD) on August 5, 2022. The breach, identified on December 23, 2021, resulted from a phishing attack that targeted employees and ultimately affected 648 Washington residents, exposing names, social security numbers, driver’s license numbers, and dates of birth.

Marketing giant RR Donnelly was targeted by the Conti ransomware that led to the shut down of their network. The disrupted services interrupted many operations for the customers. A large quantity of data was stolen in the attack and the attackers leaked about 2.5GB of data stolen from the RRD.

On October 9, 2020, R. R. Donnelley & Sons Company experienced a data breach reported by the Maine Office of the Attorney General on November 13, 2020. The incident involved the inadvertent disclosure of Social Security Numbers (SSNs), affecting 13 Maine residents among a total of 2,657 individuals whose sensitive data was exposed. The breach stemmed from an internal error leading to unauthorized access or exposure of personally identifiable information (PII), specifically SSNs—a high-value target for identity theft and fraud. While the total number of impacted individuals was substantial, the immediate focus was on the 13 Maine residents, whose SSNs were confirmed compromised. The company initiated notifications to affected parties on November 16, 2020, likely offering credit monitoring or identity protection services as remediation. The breach highlights vulnerabilities in data handling procedures, particularly around the safeguarding of critical identifiers like SSNs, which can have long-term repercussions for victims, including financial fraud, credit damage, and reputational harm to the organization.

Chatham Asset Management Data Breach Under Investigation Following Cyberattack Chatham Asset Management, a New Jersey-based hedge fund specializing in alternative assets, confirmed a data breach after detecting unauthorized activity within its network on December 8, 2025. The firm, which manages investments for high-net-worth clients and holds controlling interests in companies like Postmedia, McClatchy, and RR Donnelley, responded by securing its systems and engaging third-party cybersecurity experts to investigate. The hacking group Worldleaks claimed responsibility for the breach, threatening to publish stolen data on the dark web as early as December 23, 2025. Chatham officially disclosed the incident to regulators on January 20, 2026 (Massachusetts Office of Consumer Affairs and Business Regulation) and January 21, 2026 (Vermont Attorney General). The breach potentially exposed sensitive personally identifiable information (PII), including: - Names - Social Security numbers - Driver’s license details Affected individuals were notified and offered complimentary credit monitoring and identity restoration services through Cyberscout. Law firm Shamis & Gentile P.A. is investigating potential legal claims for those impacted. Chatham Asset Management, founded in 2001 by Anthony Melchiorre, operates with approximately 23 employees across offices in New Jersey and Chicago. The full scope of the breach and its financial or operational impact remains under review.