Orrick Settles Data Breach Lawsuits for $8 Million: Key Details and Implications

Orrick Settles Data Breach Lawsuits for $8 Million

In a landmark move, US law firm Orrick, Herrington & Sutcliffe has reached a settlement agreement totaling $8 million to resolve a class action lawsuit filed by plaintiffs affected by a significant data breach in March 2023. The settlement, which was filed on April 11 in the US District Court for the Northern District of California, addresses consolidated claims against the firm. Despite the settlement, Orrick maintains its stance, denying any failure to adequately protect personal data, citing inadequate data security, or breach of any laws.

The decision to settle stems from mutual recognition of the arduous nature and expense of continued litigation, as well as the substantial burden of proof required to establish liability and damages for the alleged claims. As part of the settlement, affected individuals stand to benefit from comprehensive measures aimed at mitigating the fallout from the data breach.

Among the key benefits outlined in the settlement are three years of credit monitoring and identity protection services, including robust dark web monitoring capabilities. Additionally, the settlement includes a substantial $1 million in identity theft insurance coverage. Orrick has also committed to covering certain out-of-pocket expenses, including costs incurred in addressing identity theft or fraud, up to a cap of $2,500. However, claimants seeking reimbursement for “extraordinary losses” related to identity theft will be required to provide evidence linking these losses directly to the data breach, with such claims capped at $7,500.

Importantly, the settlement fund will also cover administration costs and attorney fees approved by the Court, ensuring that affected individuals receive the necessary support and resources to navigate the aftermath of the breach. Notably, the agreement stipulates that Orrick’s total obligation in connection with settling the action shall not exceed the $8 million threshold. Furthermore, should claimants choose to pursue further legal action, the agreement will become null and void and cannot be used as a basis for future claims.

In response to the settlement, an Orrick spokesperson expressed regret over the inconvenience caused by the malicious incident and reaffirmed the firm’s commitment to resolving the matter expediently. The spokesperson emphasized the importance of protecting the firm’s systems and the information of its clients and team members, underscoring Orrick’s ongoing dedication to cybersecurity and data privacy.

“We regret the inconvenience and distraction that this malicious incident caused,” the spokesperson stated. “We made it our priority to resolve this matter as quickly as possible for our clients, the individuals whose data was impacted, and our team. We are pleased to reach this settlement, which brings this matter to a close, and will continue our ongoing focus on protecting our systems and the information of our clients and our firm.”

The settlement marks a significant step towards closure for both Orrick and the affected individuals, providing a resolution to a complex and challenging legal battle while reaffirming the importance of robust data protection measures in an increasingly digital world. As the threat landscape continues to evolve, organizations must remain vigilant in safeguarding sensitive information and mitigating the risks associated with data breaches.

#Orrick #DataBreach #LegalNews #Settlement #Cybersecurity