Insurance Data Breach Victims File Class-Action Suit Against Law Firm

Victims of a March data breach have filed a class-action suit against law firm Orrick, Herrington and Sutcliffe, alleging the firm compromised the personal information of more than 152,000 people.

The suit further alleges the law firm failed to inform victims of the breach — individuals insured by Delta Dental in California and EyeMed Vision Care — until more than three months after the incident occurred, and then only reported the breach to several different state regulators in July. 

The class-action suit also claims the firm "failed to implement reasonable measures to ensure their computer systems were protected [and] take adequate steps to prevent and stop the breach." Dennis Werley, a plaintiff in the case, stated that he has received phone calls from spammers claiming to know his personal identifiable information (PII). And the assumption is the threat actors are either using the PII themselves or sold it to third-party spammers.

For its part, Orrick, Herrington and Sutcliffe is providing breach victims with two years of identity monitoring to make up for the breach. Parties to the lawsuit said this is "woefully inadequate" compensation in comparison to the severity of the breach. No monetary amount was specified in the damages sought.