Incident Details
Orrick, Herrington & Sutcliffe LLP has agreed to a settlement of $8 million to resolve combined class action lawsuits related to a cyber incident affecting around 461,100 individuals. Class counsel have requested approval of the settlement from the US District Court for the Northern District of California in a motion submitted without opposition on Thursday. The settlement terms include provision for payment of attorneys' fees up to 25% of the settlement amount, as well as expenses capped at $50,000.
Incident
How Did the Breach Happen?
On March 13, 2023, cybercriminals managed to infiltrate Orrick's poorly secured network, gaining unauthorized access to steal the confidential personal data of hundreds of thousands of people.
What Data has been Compromised?
Personal data from hundreds of thousands of people has been compromised, resulting in issues like identity theft, attempted identity theft, unauthorized use of their personal information, and receiving numerous unsolicited phone calls from unfamiliar individuals.
Why Did the company's Security Measures Fail?
Because the law firm did not sufficiently safeguard the Personal Information of the Breach Victims, cybercriminals were able to access all the necessary information to carry out different types of identity theft.
What Immediate Impact Did the Breach Have on the company?
They had to deal with combined class action lawsuits and decided to settle these claims by paying $8 million, in addition to covering legal expenses and service awards.
How could this have been prevented?
To avoid this breach, it was suggested that increasing security measures to safeguard confidential personal data, consistently updating and fixing systems, improving employee education on cybersecurity protocols, and conducting routine security reviews and evaluations could have been beneficial.
What have we learned from this data breach?
The recent security breach has emphasized the vital significance of giving priority to cybersecurity measures, implementing strong data protection strategies, staying proactive in addressing weaknesses, and responding promptly to incidents in order to reduce the impact of any potential harm.
Summary of Coverage
Orrick, Herrington & Sutcliffe LLP faced a security incident in March 2023 when unauthorized individuals gained access to their computer networks and extracted the private data of numerous people, resulting in consequences like fraudulent use of personal identities. Consequently, the firm resolved combined legal actions by deciding to provide $8 million in compensation, highlighting the imperative for enhanced protection protocols and preemptive cybersecurity approaches.