Insurance Data Breach Victims File Class-Action Suit Against Law FirmInsurance Data Breach Victims File Class-Action Suit Against Law Firm
This time, it's the law firm that got breached, then sued for what victims claim was inadequate protection and compensation for theft of personal data.

Victims of a March data breach have filed a class-action suit against law firm Orrick, Herrington and Sutcliffe, alleging the firm compromised the personal information of more than 152,000 people.
The suit further alleges the law firm failed to inform victims of the breach — individuals insured by Delta Dental in California and EyeMed Vision Care — until more than three months after the incident occurred, and then only reported the breach to several different state regulators in July.
The class-action suit also claims the firm "failed to implement reasonable measures to ensure their computer systems were protected [and] take adequate steps to prevent and stop the breach." Dennis Werley, a plaintiff in the case, stated that he has received phone calls from spammers claiming to know his personal identifiable information (PII). And the assumption is the threat actors are either using the PII themselves or sold it to third-party spammers.
For its part, Orrick, Herrington and Sutcliffe is providing breach victims with two years of identity monitoring to make up for the breach. Parties to the lawsuit said this is "woefully inadequate" compensation in comparison to the severity of the breach. No monetary amount was specified in the damages sought.
About the Author
You May Also Like
Uncovering Threats to Your Mainframe & How to Keep Host Access Secure
Feb 13, 2025Securing the Remote Workforce
Feb 20, 2025Emerging Technologies and Their Impact on CISO Strategies
Feb 25, 2025How CISOs Navigate the Regulatory and Compliance Maze
Feb 26, 2025Where Does Outsourcing Make Sense for Your Organization?
Feb 27, 2025