Law Firm Orrick, Herrington & Sutcliffe Hit with Class Action Over Data Breach Affecting 152K [SETTLED]
Last Updated on April 30, 2024
Jensen v. Orrick, Herrington & Sutcliffe, LLP
Filed: August 28, 2023 ◆§ 3:23-cv-04433-KAW
Orrick, Herrington & Sutcliffe, LLP faces a class action that claims the law firm failed to protect the personal information of 152,818 individuals from a March 2023 cyberattack.
April 30, 2024 – Orrick, Herrington & Sutcliffe Data Breach Lawsuit Resolved with $8M Settlement
An $8 million settlement has been reached between law firm Orrick, Herrington & Sutcliffe and the plaintiffs involved in four consolidated data breach lawsuits, including the proposed class action detailed on this page.
Are you owed unclaimed settlement money? Check out our class action rebates page full of open class action settlements.
The settlement agreement says that the proposed deal, if preliminarily approved by the court, will cover anyone in the United States who was sent notice that their personal information was accessed, stolen or compromised as a result of the data breach detected by Orrick in March 2023.
According to court records, the plaintiffs filed an unopposed motion detailing the terms of the proposed agreement with Orrick on April 11, 2024. The parties now await initial approval of the settlement terms from United States District Judge Susan Illston.
Per the agreement, Orrick will pay $8,000,000, which will be used to provide settlement benefits to class members who submit valid, timely claims. The document says that class members who file a claim will be eligible to receive three years of credit monitoring and identity protection services on top of the 24-month offer that the law firm previously extended in its initial data breach notice.
In addition, the settlement agreement relays that eligible class members may submit a claim for reimbursement of documented out-of-pocket expenses incurred as a result of the data breach, capped at $2,500 per person.
Eligible class members may also file a claim for reimbursement of up to $7,500 for “extraordinary losses”—i.e., documented costs incurred in connection with identity theft or other fraudulent charges—that can be reasonably linked to the data breach, the agreement shares.
The document adds that eligible class members may additionally submit a claim for up to five hours of lost time spent addressing issues related to the incident, at a rate of $25 per hour.
In lieu of the benefits listed above, class members may instead file a claim for a $75 cash payment, the settlement agreement points out.
Finally, on top of the aforementioned settlement benefits, California residents are also entitled to an added $150 cash payment, the document notes.
The plaintiffs’ motion says all payments will be adjusted on a pro rata basis depending on the total number of valid claims.
According to the settlement agreement, if the judge grants the motion for preliminary approval, notices will be sent to class members by mail and email within 60 days of the decision.
Court records indicate that a preliminary approval hearing is scheduled for May 31, 2024.
ClassAction.org will update this page if and when the official settlement website, OHSClassActionSettlement.com, goes live.
Don’t miss out on settlement news like this. Sign up for ClassAction.org’s free weekly newsletter here.
February 22, 2024 – Orrick, Herrington & Sutcliffe Agreed to Settle Data Breach Lawsuits
Law firm Orrick, Herrington & Sutcliffe has agreed to settle four consolidated data breach lawsuits, including the proposed class action lawsuit detailed on this page.
Don’t miss out on settlement news like this. Sign up for ClassAction.org’s free weekly newsletter here.
In a joint stipulation filed on December 21, 2023, the plaintiffs and the firm informed the court that they had agreed to settle the lawsuits on a class-wide basis.
According to a joint status report submitted on January 26, 2024, the parties are working “diligently” to finalize a formal settlement agreement, and they intend to file their motion for preliminary approval of the deal by February 25.
ClassAction.org will update this page if and when more settlement details are available, so be sure to check back often.
Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s free weekly newsletter here.
Orrick, Herrington & Sutcliffe, LLP faces a proposed class action that claims the law firm failed to protect the personal information of 152,818 individuals from a March 2023 cyberattack.
Want to stay in the loop on class actions that matter to you? Sign up for ClassAction.org’s free weekly newsletter here.
The 37-page lawsuit says that after the firm purportedly discovered on March 13 that an unauthorized third party had infiltrated its network, a subsequent investigation revealed that hackers had accessed its computer systems and obtained certain files days before, on March 7. The suit relays that the private information compromised in the “massive” data breach included names, addresses, dates of birth and Social Security numbers.
According to the case, the international law firm “negligently” failed to implement reasonable data security measures to safeguard the personal information of its clients, which the suit alleges it stored in an “inadequately protected” computer network.
“In short, thanks to [Orrick’s] failure to protect the breach victims’ personal information,” the complaint argues, “cyber criminals were able to steal everything they could possibly need to commit nearly every conceivable form of identity theft and wreak havoc on the financial and personal lives of potentially millions of individuals.”
The filing also takes issue with the defendant’s delayed notification of victims of the cyberattack. Though the law firm purports to have detected the breach in March, it did not begin sending notices to impacted individuals until late June, nearly four months later, the suit shares.
“During this time, the cyber criminals had free reign to surveil and defraud their unsuspecting victims,” the lawsuit contends.
Per the case, although Orrick has offered affected individuals two years of complimentary identity monitoring services, the gesture is “woefully inadequate” and does not compensate for the lifelong risks of fraud and identity theft that victims now face as a result of the firm’s negligence.
The plaintiff, a North Carolina resident, received on August 18 of this year a notice informing him that his personal information had been compromised in the breach, the filing says. The man claims that he has experienced since the cyberattack a “flood” of spam calls from unknown sources.
The lawsuit looks to represent anyone whose personal information was compromised in the data breach discovered on March 13, 2023, including anyone who was sent notice of the incident.
Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s free weekly newsletter here.
Hair Relaxer Lawsuits
Women who developed ovarian or uterine cancer after using hair relaxers such as Dark & Lovely and Motions may now have an opportunity to take legal action.
Read more here: Hair Relaxer Cancer Lawsuits
Stay Current
Sign Up For
Our Newsletter
New cases and investigations, settlement deadlines, and news straight to your inbox.
Before commenting, please review our comment policy.