Orrick Herrington & Sutcliffe, a prominent law firm specializing in data breach legal services, has reached an $8 million settlement to resolve a class action lawsuit stemming from a cyberattack it suffered last year. The proposed agreement, filed in a northern California federal court, addresses allegations of inadequate security measures and delayed breach notifications following the incident. Under the settlement terms, affected individuals may receive compensation of up to $2,500 for documented expenses and losses, along with additional identity monitoring services.
The lawsuit, consolidated from multiple class action filings, accuses Orrick of failing to implement sufficient safeguards to protect its computer systems and detect the breach in a timely manner. Additionally, plaintiffs allege that Orrick neglected to notify individuals promptly, resulting in substantial harm to the affected class. As part of the settlement, Orrick has agreed to make improvements to its data security practices, including enhancements to detection and response tools and continuous vulnerability scanning.
Legal experts note the relatively swift resolution of the Orrick data breach litigation, which unfolded over approximately nine months. This rapid settlement mirrors recent trends in data breach class actions, where breached entities opt for speedy resolutions to mitigate potential losses. The outcome underscores the growing influence of class action lawsuits as a mechanism for holding organizations accountable for privacy lapses, prompting businesses to bolster their cybersecurity defenses and response strategies.
