Orrick, Herrington & Sutcliffe, a renowned international law firm, fell victim to a substantial data breach, revealing the sensitive information of more than 600,000 individuals. Discovered in March 2023, the breach exposed personal details, including health information, of clients associated with Orrick. The compromised data encompassed names, addresses, dates of birth, and government-issued identification numbers, along with medical and insurance details. Orrick promptly notified affected individuals and offered identity theft protection services through a two-year Kroll monitoring service.
The breach, categorized as an external system breach caused by hacking, impacted clients of Orrick, including those with vision plans from EyeMed Vision Care, dental plans from Delta Dental, and data from health insurance company MultiPlan, Beacon Health Options (now Carelon), and the U.S. Small Business Administration. Orrick’s response involved written notifications and identity protection measures.
Ongoing investigations and legal implications surround the Orrick data breach. The law firm, responding to inquiries, expressed regret for the incident’s inconvenience and distraction. A settlement, reached within a year of the breach, is in progress, addressing a class-action lawsuit involving hundreds of thousands of victims. While settlement details are undisclosed, Orrick aims to finalize terms, pending approval, to resolve all claims related to the breach.
