In a class-action suit filed against the law firm Orrick, Herrington and Sutcliffe, victims of a data breach that occurred in March are alleging that the firm compromised the personal information of over 152,000 individuals. The lawsuit also claims that the firm failed to promptly inform the victims about the breach, only disclosing it more than three months after it had occurred. Additionally, the breach was reported to various state regulators in July.
The affected individuals in this case were insured by Delta Dental in California and EyeMed Vision Care. They claim that Orrick, Herrington and Sutcliffe “failed to implement reasonable measures to ensure their computer systems were protected [and] take adequate steps to prevent and stop the breach.” Dennis Werley, one of the plaintiffs, stated that he has been receiving phone calls from spammers who seem to possess his personal identifiable information (PII). It is believed that the threat actors responsible for the breach are either using the PII themselves or selling it to third-party spammers.
In response to the breach, the law firm is offering breach victims two years of identity monitoring. However, the parties involved in the lawsuit argue that this compensation is insufficient considering the severity of the breach. No specific monetary amount has been disclosed in relation to the damages sought.
Data breaches have become a growing concern in recent years, affecting various industries and organizations. Law firms, in particular, have become attractive targets for cybercriminals due to the valuable and sensitive information they often possess. The legal industry, unfortunately, seems to have fallen victim to cybercrime repeatedly, which has led to concerns about the industry’s vulnerability.
The delayed disclosure of the breach by Orrick, Herrington and Sutcliffe raises questions about their handling of the incident and their responsibility toward the affected individuals. Promptly informing victims of a breach allows them to take precautionary measures to protect their personal information and potentially minimize the impact of the breach. In this case, the class-action lawsuit suggests that the law firm failed in this regard.
It is crucial for organizations to prioritize cybersecurity and implement robust measures to safeguard their computer systems and sensitive data. In an increasingly digital landscape, where cyber threats are constantly evolving, defending against breaches requires ongoing vigilance and proactive efforts. By investing in comprehensive cybersecurity protocols, organizations can reduce the risk of falling victim to cyberattacks and mitigate the potential damage they may cause.
The victims of the Orrick, Herrington and Sutcliffe breach deserve proper compensation for the harm they have suffered. While the law firm is offering identity monitoring services for two years, the plaintiffs argue that this alone does not adequately address the impact of the breach. The severity of the breach and the potential risks faced by the affected individuals should be taken into consideration when determining the appropriate compensation.
This case serves as a reminder of the importance of proactive cybersecurity measures and swift and transparent incident response. Organizations must not only implement strong security protocols but also ensure they have a robust plan in place to handle any breaches that do occur. Promptly informing the affected individuals and taking appropriate steps to mitigate the damage can go a long way in restoring trust and minimizing the negative consequences of a data breach.
As the legal industry continues to face cyber threats, it is crucial for law firms to prioritize cybersecurity and invest in the necessary resources to protect their clients’ confidential information. Collaboration with cybersecurity experts and continuous training on best practices can help law firms stay ahead of potential threats and enhance their overall security posture.
In conclusion, the class-action suit against Orrick, Herrington and Sutcliffe highlights the impact of a data breach on the affected individuals and emphasizes the need for organizations to prioritize cybersecurity. By implementing robust security measures and promptly addressing any breaches, organizations can reduce the risk of falling victim to cybercrime and protect the sensitive information entrusted to them.