Insurance Data Breach Victims File Class-Action Suit Against Law Firm
This time, it's the law firm that got breached, then sued for what victims claim was inadequate protection and compensation for theft of personal data.
Victims of a March data breach have filed a class-action suit against law firm Orrick, Herrington and Sutcliffe, alleging the firm compromised the personal information of more than 152,000 people.
The suit further alleges the law firm failed to inform victims of the breach — individuals insured by Delta Dental in California and EyeMed Vision Care — until more than three months after the incident occurred, and then only reported the breach to several different state regulators in July.
The class-action suit also claims the firm "failed to implement reasonable measures to ensure their computer systems were protected [and] take adequate steps to prevent and stop the breach." Dennis Werley, a plaintiff in the case, stated that he has received phone calls from spammers claiming to know his personal identifiable information (PII). And the assumption is the threat actors are either using the PII themselves or sold it to third-party spammers.
For its part, Orrick, Herrington and Sutcliffe is providing breach victims with two years of identity monitoring to make up for the breach. Parties to the lawsuit said this is "woefully inadequate" compensation in comparison to the severity of the breach. No monetary amount was specified in the damages sought.
About the Author(s)
You May Also Like
Key Findings from the State of AppSec Report 2024
May 7, 2024Is AI Identifying Threats to Your Network?
May 14, 2024Where and Why Threat Intelligence Makes Sense for Your Enterprise Security Strategy
May 15, 2024Safeguarding Political Campaigns: Defending Against Mass Phishing Attacks
May 16, 2024Why Effective Asset Management is Critical to Enterprise Cybersecurity
May 21, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024