A U.S. district court has officially approved an $8 million settlement in a class action lawsuit against Orrick, Herrington & Sutcliffe, stemming from a significant data breach that impacted more than 638,000 individuals. The breach, which was discovered in March 2023, occurred after cybercriminals gained unauthorized access to the law firm’s network between November 2022 and March 2023. The compromised data included personally identifiable information (PII) such as names, Social Security numbers, and health-related details of individuals linked to various clients, including major healthcare sector entities like EyeMed and Delta Dental of California.
Under the terms of the settlement, affected class members are eligible for compensation, with individuals able to claim up to $2,500 for out-of-pocket expenses and up to $7,500 for extraordinary losses. Additionally, Orrick is providing three years of enhanced credit monitoring services, which includes identity theft insurance coverage of up to $1 million. This provision aims to help mitigate the long-term impact of the breach, giving victims an added layer of protection against identity theft and fraud.
In addition to financial compensation and credit monitoring, the settlement mandates that Orrick take substantial steps to enhance its data security protocols. These include upgrading its vulnerability scanning systems, deploying more advanced endpoint detection and response software, and increasing its network security capabilities by engaging a third-party cybersecurity vendor for 24/7 monitoring. These measures are intended to reduce the risk of future breaches and protect sensitive client information going forward.
The finalization of this settlement comes at a time when other law firms are facing similar security challenges. In the same week, another breach involving the law firm Thompson Coburn came to light, affecting the healthcare data of over 300,000 individuals. These incidents highlight the growing concerns over cybersecurity within the legal sector, especially as firms handle vast amounts of sensitive data. The Orrick settlement not only compensates victims but also sets a precedent for future legal actions in the face of increasing cyber threats.
Reference: