Prominent U.S. [2] law firm Orrick [1] [2], Herrington and Sutcliffe is currently facing a federal class-action lawsuit due to a significant data breach. This breach has raised concerns about legal and privacy issues, highlighting the need for robust cybersecurity measures [2].


Orrick [1] [2] [3] [4], Herrington and Sutcliffe [1] [2] [3] [4], an internationally renowned law firm, is being sued by Dennis R. Werley for negligence, breach of confidence [4], and invasion of privacy [4]. The breach occurred on March 7, 2023, compromising the personal information of over 152,818 individuals [1] [2], including names [2] [4], addresses [2] [4], dates of birth [2] [4], and Social Security numbers [2] [4]. The breach involved client data from dental plans with Delta Dental of California and vision plans via EyeMed Vision Care [2]. It is alleged that Orrick failed to promptly notify the affected individuals [2], with notification occurring more than three months later on June 30 [2]. One plaintiff reported receiving unsolicited spam calls [2], suggesting that the accessed personal information may have been sold to third-party spammers. It is worth noting that Orrick had previously represented EyeMed in a data breach in 2020. In response to the breach, Orrick has offered affected individuals a two-year identity monitoring plan as compensation [2]. However, the parties involved in the lawsuit consider this offer inadequate [1], and no specific monetary amount has been mentioned in the damages sought [1].


This incident highlights the increasing trend of cybersecurity attacks targeting law firms and emphasizes the need for robust cybersecurity measures [2]. The legal and cybersecurity communities are closely monitoring this case and its potential implications for data protection standards and legal responsibilities [2].