Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Orrick. Show all posts

Orrick Data Breach: Law Firm Dealing with Data Breaches Hit by One


An international law firm assists businesses impacted by security events has experienced a cyberattack, where it compromised the sensitive health information of hundreds of thousands of data breach victims. 

Orrick, Herrington & Sutcliffe, the San Francisco-based company revealed last week that that during an attack in March 2023, threat actors stole personal information and critical health data of more than 637,000 data breach victims.

Orrick said that the hackers had taken massive amounts of data from its systems related to security incidents at other organizations, for which he provided legal assistance, in a series of letters notifying those impacted of the data breach.

Orrick informs that the data involved in the breach involved its customers’ data, including those with dental policies with Delta Dental, a major healthcare insurance network that covers millions of Americans' dental needs, and those with vision plans with insurance company EyeMed Vision Care.

The company further added that it had contacted with the U.S. Small Business Administration, the behavioral health giant Beacon Health Options (now Carelon), and the health insurance provider MultiPlan that their data was also exposed in Orrick's data breach.

Apparently, the stolen data includes victims’ names, dates of birth, postal address and email addresses, and government-issued identification numbers, such as Social Security numbers, passport and driver license numbers, and tax identification numbers. Also, information about patient’s medical treatment and diagnosis details, insurance claim like date and service-charges, and healthcare insurance numbers and provider details have been compromised. 

Orrick further says that credit or debit card details as well as online account credentials were also involved in the breach. 

Since the initial announcement of the breach, the number of affected individuals have been on the rise. In its recent breach notice, Orrick states that it “does not anticipate providing notifications on behalf of additional businesses,” however the company did not specify how it came to this conclusion. 

Orrick said in December to a federal court in San Francisco that it reached a preliminary settlement to end four class action lawsuits that claimed Orrick failed to disclose the breach from victims for months after it had occurred.

“We are pleased to reach a settlement well within a year of the incident, which brings this matter to a close, and will continue our ongoing focus on protecting our systems and the information of our clients and our firm,” added Orrick’s spokesperson.  

Orrick, Herrington & Sutcliffe: Law Firm Suffers Data Breach, Sensitive Health Info Leaked


A renowned San Francisco-based international law firm, Orrick, Herrington & Sutcliffe, recently suffered a data breach.

In the breach which was discovered in March 2023, sensitive health information belonging to more than 637,000 individuals was compromised. Apparently, the breach occurred on February 2, 2023, and was discovered on March 3, 2023. 

During the breach, the threat actors accessed a file share, revealing personal data and sensitive health information of victims. Amongst the total of 637,620 victims, 830 were ones belonging to Maine. 

The stolen data included a variety of information like names, date of birth, addresses, email addresses, and government-issued identification numbers like Social Security, passport, driver’s license, and tax identification numbers.

Moreover, medical details, insurance claims information, healthcare insurance numbers, provider details, online account credentials, and credit/debit card numbers were compromised.

According to an official filing, the company took immediate action by notifying the affected victims through a written notification. Also, identity theft protection services were offered in the form of a two-year Kroll identity monitoring service. 

The data leak also impacted the data-based security services of other companies for which the company provided legal counsel. Affected individuals included customers of vision plans from EyeMed Vision Care, dental plans from Delta Dental, and data from health insurance company MultiPlan, behavioural health giant Beacon Health Options (now known as Carelon), and the U.S. Small Business Administration.

Ongoing Investigations and Legal Implications

While there are speculations of a ransomware group being involved in the incident, no official statement has been published by Orrick, leaving room for suspicion on who is behind the attack. 

Also, the law firm is on its way to settle the class-action lawsuit stemming from the data breach. 

Acknowledging the inconvenience it had caused, the firm came to a preliminary settlement in principle to resolve four consolidated lawsuits involving hundreds of thousands of victims. 

While the specifics of the deal are still unknown, Orrick hopes to finalize agreements in 15 days. The proposed resolution tries to handle all claims connected to the breach, which exposed thousands of individuals' sensitive personal information, including names, addresses, dates of birth, and Social Security numbers. It is pending approval by U.S. District Judge Susan Illston.