U.S. law firm Orrick, Herrington & Sutcliffe has agreed to a $8 million settlement to address class action claims arising from a breach of client data. The proposed settlement, filed in San Francisco federal court, seeks resolution for individuals whose personal information was compromised in the cybersecurity incident.
According to plaintiffs, hackers infiltrated Orrick’s systems, gaining unauthorized access to sensitive personal data of over 600,000 individuals. The compromised information, including names, addresses, dates of birth, and Social Security numbers, posed significant privacy and security risks for affected individuals, prompting legal action against the law firm.
While Orrick denies any wrongdoing or liability in connection with the breach, the proposed settlement remains subject to approval by U.S. District Judge Susan Illston. A spokesperson for Orrick has yet to respond to requests for comment, emphasizing the complex legal ramifications of cybersecurity incidents within the legal sector.
Notably, Orrick had previously reached an agreement in principle with plaintiffs in December, expressing regret for the disruption caused by the breach. However, plaintiffs criticized the firm’s initial offer of identity monitoring as inadequate, highlighting the ongoing debate over appropriate remedies for data breach victims.
The settlement, if approved, will enable class counsel to seek up to 25% of the settlement fund, reflecting the efforts expended in pursuing legal recourse on behalf of affected individuals. Despite Orrick’s denial of liability, the settlement underscores the financial and reputational repercussions of cybersecurity incidents on legal entities and their clients.
The case, titled In re Orrick, Herrington & Sutcliffe, LLP Data Breach Litigation, underscores the legal complexities surrounding data breaches and the heightened scrutiny placed on organizations to safeguard sensitive information.
