2 min Security

637,000 people become the victim of a data breach for the second time

637,000 people become the victim of a data breach for the second time

The US law firm Orrick, Herrington & Sutcliffe, which specializes in data breaches, became the victim of a data breach in early 2023. Data from hundreds of thousands of previous data breach victims were captured in the process. Even though the events occurred months ago, the leak was only recently disclosed.

Data breach-affected Orrick, Herrington & Sutcliffe primarily assist (large) companies in the U.S. that have been affected by a data breach. The cyberattack captured the sensitive health information of about 637,000 victims, it disclosed late last year. The international law firm held this sensitive information to handle the legal side of data breaches with authorities on behalf of victims.

Data breach occurred through file share

The law firm’s report shows that as early as March 2023, it was discovered that a hacker had penetrated the network. In doing so, it had gained access to a file share that held certain customer files.

The hacker accessed and managed to steal those files from Feb. 28, 2023, to March 13, 2023, when the leak was discovered. The law firm took immediate action, and no suspicious activity has been observed since then.

More specifically, the files were client files containing the health data of their own clients. Affected companies include U.S. insurance giant EyeMed Vision Care, health insurers Delta Dental and MultiPlan, health specialist Beacon Health Options and the U.S. Small Business Administration.

Settlement reached

Although the law firm previously notified most affected individuals, not all were satisfied. The December 2023 notice shows that Orrick, Herrington & Sutcliffe reached a settlement with several affected individuals who had filed class action complaints.

Also read: Data breaches aren’t setting records anymore, but there are more victims than ever