Orrick, Herrington & Sutcliffe LLP, a prominent U.S. law firm, has agreed to an $8 million settlement to resolve class action claims related to a significant breach of client data. This settlement comes after personal details such as names, addresses, dates of birth, and Social Security numbers of over 600,000 individuals were compromised. The data breach was originally detected in March 2023.

The settlement, which is still pending approval by U.S. District Judge Susan Illston, was reached after intense negotiations. Orrick has denied any wrongdoing, although it has offered identity monitoring services to the affected individuals.

Why it matters: The resolution of this case underscores the growing legal and financial repercussions for companies failing to safeguard personal data. As cyber threats become more sophisticated, the Orrick settlement serves as a critical reminder of the importance of strong data security measures and the potential consequences of breaches on a firm’s reputation and financial stability.

• Details of the Breach: Hackers obtained sensitive personal information from files held by Orrick, affecting over 600,000 people. The breach involved sensitive information from clients including Delta Dental of California and EyeMed Vision Care.

• Legal Proceedings: The case, filed in the Northern District of California, highlights the legal complexities and obligations surrounding data breaches. The plaintiffs criticized Orrick for the delay in notifying affected parties, a point that was addressed in the settlement negotiations.

• Firm’s Response: Despite denying liability, Orrick has taken responsibility for mitigating the impact on affected individuals by providing up to two years of free identity monitoring services.

Go Deeper -> Law firm Orrick agrees to $8 mln settlement over breach of client data – Reuters