Insurance Data Breach Victims File Class-Action Suit Against Law Firm

This time, it's the law firm that got breached, then sued for what victims claim was inadequate protection and compensation for theft of personal data.

Dark Reading Staff, Dark Reading

August 16, 2023

1 Min Read
a paper that saw "Lawsuit" with a book on top of it.
Source: Wittrock via Shutterstock

Victims of a March data breach have filed a class-action suit against law firm Orrick, Herrington and Sutcliffe, alleging the firm compromised the personal information of more than 152,000 people.

The suit further alleges the law firm failed to inform victims of the breach — individuals insured by Delta Dental in California and EyeMed Vision Care — until more than three months after the incident occurred, and then only reported the breach to several different state regulators in July. 

The class-action suit also claims the firm "failed to implement reasonable measures to ensure their computer systems were protected [and] take adequate steps to prevent and stop the breach." Dennis Werley, a plaintiff in the case, stated that he has received phone calls from spammers claiming to know his personal identifiable information (PII). And the assumption is the threat actors are either using the PII themselves or sold it to third-party spammers.

For its part, Orrick, Herrington and Sutcliffe is providing breach victims with two years of identity monitoring to make up for the breach. Parties to the lawsuit said this is "woefully inadequate" compensation in comparison to the severity of the breach. No monetary amount was specified in the damages sought.  

About the Author

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights