Insurance Data Breach Victims File Class-Action Suit Against Law Firm
This time, it's the law firm that got breached, then sued for what victims claim was inadequate protection and compensation for theft of personal data.
Victims of a March data breach have filed a class-action suit against law firm Orrick, Herrington and Sutcliffe, alleging the firm compromised the personal information of more than 152,000 people.
The suit further alleges the law firm failed to inform victims of the breach — individuals insured by Delta Dental in California and EyeMed Vision Care — until more than three months after the incident occurred, and then only reported the breach to several different state regulators in July.
The class-action suit also claims the firm "failed to implement reasonable measures to ensure their computer systems were protected [and] take adequate steps to prevent and stop the breach." Dennis Werley, a plaintiff in the case, stated that he has received phone calls from spammers claiming to know his personal identifiable information (PII). And the assumption is the threat actors are either using the PII themselves or sold it to third-party spammers.
For its part, Orrick, Herrington and Sutcliffe is providing breach victims with two years of identity monitoring to make up for the breach. Parties to the lawsuit said this is "woefully inadequate" compensation in comparison to the severity of the breach. No monetary amount was specified in the damages sought.
About the Author
You May Also Like
Unleashing AI to Assess Cyber Security Risk
Nov 12, 2024Securing Tomorrow, Today: How to Navigate Zero Trust
Nov 13, 2024The State of Attack Surface Management (ASM), Featuring Forrester
Nov 15, 2024Applying the Principle of Least Privilege to the Cloud
Nov 18, 2024The Right Way to Use Artificial Intelligence and Machine Learning in Incident Response
Nov 20, 2024