San Francisco-based law firm Orrick, Herrington & Sutcliffe, renowned for assisting companies in the aftermath of security incidents, finds itself at the center of a cybersecurity storm. Last week, the firm disclosed a data breach that compromised the personal and health information of more than 637,000 data breach victims. The Orrick data breach incident is particularly striking as the law firm specializes in handling regulatory requirements for companies facing security incidents, making their own vulnerability to such an attack all the more impactful.
Orrick Data Breach Details
In March 2023, hackers infiltrated Orrick’s network, targeting a file share and making off with a trove of sensitive data. The stolen information encompasses not only Orrick’s internal records but also extends to data related to security incidents at other companies, where Orrick provided legal counsel. The breach includes a vast array of personal details, ranging from names and dates of birth to government-issued identification numbers and healthcare-related information. The firm acknowledges that the stolen data also encompasses online account credentials and financial information, such as credit or debit card numbers.
Response of the Law Firm Following Cyber security Incident
The aftermath of the breach has seen Orrick notifying affected individuals, including those associated with major entities like EyeMed Vision Care, Delta Dental of California, MultiPlan, Beacon Health Options, and the U.S. Small Business Administration. The compromised data involves a comprehensive set of details, from medical treatment information to insurance claims and online account credentials. Orrick, however, remains tight-lipped about the initial entry point for the hackers and any potential ransom demands. The incident has prompted Orrick to reach a settlement to resolve class action lawsuits, addressing allegations of delayed disclosure.
Also read: Samsung Data Breach Exposes Personal Information of UK Customers