Top legal firm specializing in data breaches…hit by data breach

Hundreds of thousands of people possibly affected

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

A top legal firm that specializes in helping other organizations in the aftermath of a data breach has ironically suffered one such incident itself.

Orrick, Herrington & Sutcliffe has sent out a breach notification letter to affected individuals, confirming it had been the victim of an intrusion that happened in March 2023.

Usually, the company helps other victims remain compliant with state laws and regulations regarding data management, privacy, and communication. Among other things, the company collects victim information and uses it to notify state authorities.

Missing key details

It was this very data that the hackers made away with. Orrick claims threat actors stole people’s names, birth dates, postal and email addresses, Social Security Numbers (SSN), driver’s license numbers, and tax identification numbers. Furthermore, online account credentials, as well as credit and debit card numbers, were also taken.

Finally, hackers took data on medical treatment and diagnosis, insurance claims, insurance numbers, and more.

The victims include people with vision plans at EyeMed Vision Care, dental plans with Delta Dental, as well as those using MultiPlan, Beacon Health Options, and the U.S. Small Business Administration. In total, at least 637,000 people were affected.

Despite the large scale of the incident, some important details remain omitted. For example, we don’t know who the threat actors are, or how they infiltrated the company’s infrastructure (viamalware, or social engineering, for example). We also don’t know if this was a ransomware attack and, if so, what the demands are, and whether the company plans on paying them or not.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Issuing a statement to TechCrunch, Orrick spokesperson Jolie Goldstein said: “We regret the inconvenience and distraction that this malicious incident caused. We made it our priority to resolve it as quickly as possible for our clients, the individuals whose data was impacted, and our team.”

ViaTechCrunch

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

This new malware utilizes a rare programming language to evade traditional detection methods

A new form of macOS malware is being used by devious North Korean hackers

I fell in love with the cute and compact Hyundai Inster, but it has one major drawback