in Newswire Published on April 20, 2023

Spear Wilderman Facing Class Action Over 2021 Data Breach [UPDATE]

Last Updated on November 16, 2023

Raniell v. Spear Wilderman, P.C.

Filed: April 14, 2023 ◆§ 2:23-cv-01442

A class action claims negligence on the part of Spear Wilderman, P.C. resulted in a 2021 data breach that compromised the personal information of at least tens of thousands of people.

Defendant(s)

Spear Wilderman, P.C.

Law(s)

State(s)

Pennsylvania

November 16, 2023 – Spear Wilderman 2021 Data Breach Class Action Settled for $800K; Deal Awaits Final Approval

The proposed class action detailed on this page and a related case have settled for $800,000, and the official settlement website can be found at SpearLawDataSettlement.com.

Want to stay in the loop on class actions that matter to you? Sign up for ClassAction.org’s free weekly newsletter here.

The settlement, which was preliminarily approved by the court on September 8, 2023, covers anyone in the United States whose private information was actually or potentially accessed or obtained during the data security incident that is the subject of the notice letter sent on or around November 16, 2022.

The plaintiff filed with the court a settlement agreement with Spear Wilderman on July 28, 2023, and the parties now await final approval of the settlement terms from the Philadelphia court.

As part of the deal, Spear Wilderman will pay $800,000, which will be distributed among class members who submit timely, valid claims. To receive a share of the funds, you must file a claim form online or by mail by November 27, 2023.

Head here to file a claim online, or download the form here. To submit a claim, you will need your claim number and PIN, which can be found on the postcard notice sent to class members no later than October 10, 2023.

According to the settlement website, the deal provides class members with cash payments and reimbursement for out-of-pocket losses. Consumers who file a valid claim for a cash payment will receive approximately $125, depending on the amount of the settlement fund used to pay attorneys’ fees, service awards and administration costs, and the total number of valid claims submitted. Per the preliminary approval order, it is estimated that there are more than 86,000 class members covered by the settlement.

The website explains that each class member who files a valid claim is eligible to receive up to $1,500 in reimbursement for “documented out-of-pocket losses that are fairly traceable to the Data Incident,” though this amount includes any cash payment for which the individual may qualify. No individual will receive a benefit totaling more than $1,500, the website says. According to the settlement agreement, class members can select to be paid via Venmo, prepaid credit card or check.

A final approval hearing is scheduled for December 20, 2023. Payments will be distributed to eligible class members if the court grants final approval to the deal, and after any appeals or objections are resolved.

Don’t miss out on settlement news like this. Sign up for ClassAction.org’s free weekly newsletter here.

A proposed class action claims negligence on the part of Spear Wilderman, P.C. resulted in a “foreseeable” 2021 data breach that compromised the personal information of at least tens of thousands of people.

Want to stay in the loop on class actions that matter to you? Sign up for ClassAction.org’s free weekly newsletter here.

The 44-page case says that Spear Wilderman, a union-side labor law firm, discovered on May 7, 2021 that an unauthorized party had infiltrated its systems. The lawsuit states that those who were impacted by the cyberattack—current and former clients and certain parties or witnesses to legal matters in which the firm was involved—had the following information, and potentially more, exposed during the breach:

Names;
Addresses;
Dates of birth;
Employment positions;
Pay amounts;
Driver’s license numbers;
Social Security numbers;
Account numbers;
Credit card numbers;
Routing numbers;
Account balances; and/or
Account statuses.

According to the lawsuit, cybercriminals were able to “easily” hack Spear Wilderman’s network because the law firm stored personal information in a database that could be accessed without a password or multifactor authentication.

The complaint alleges that victims’ unencrypted information has already been listed for sale on the dark web, exposing them to a “substantial and imminent” risk of identity theft and fraud. The plaintiff, a Pennsylvania resident, says that money was fraudulently withdrawn from his bank account using his name, Social Security number and account information nearly two years after the data breach occurred.

“Given the theft of information that is largely static— like Social Security numbers—this risk will remain with Plaintiff and Class Members for the rest of their lives,” the filing emphasizes.

To make matters worse, the case says, Spear Wilderman waited until November 16, 2022 to inform affected individuals that their information had been stolen, roughly 18 months after the cyberattack was purportedly discovered by the firm.

Per the suit, the law firm knew or should have known that it had a legal duty to properly safeguard consumers’ data from unauthorized access yet nevertheless failed to implement so much as “basic” cybersecurity measures that could have prevented the cyberattack, such as password protection, encryption or multifactor authentication.

The lawsuit seeks to represent anyone whose private information was actually or potentially accessed or acquired during the data breach event that is the subject of the data breach notice that Spear Wilderman, P.C. published to the plaintiff and other class members on or around November 16, 2022.

Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s free weekly newsletter here.

Case Spotlight

Hair Relaxer Lawsuits

Women who developed ovarian or uterine cancer after using hair relaxers such as Dark & Lovely and Motions may now have an opportunity to take legal action.

Read more here: Hair Relaxer Cancer Lawsuits