Orrick Herrington Hit with Another Lawsuit from Hacker Attack

Orrick, Herrington & Sutcliffe LLP was sued Monday for a second time arising from a springtime data breach that allegedly allowed personal information including Social Security numbers of nearly 153,000 individuals to be accessed.

The US District Court for the Northern District of California lawsuit said hackers on March 13 “infiltrated and accessed the inadequately protected computer systems” of the international law firm and “stole the sensitive personal information” of over 152,818 people, including names, addresses, and birth dates.

“In short, thanks to Defendant’s failure to protect the Breach Victims’ Personal Information, cyber criminals were able to steal everything they could possibly need to commit nearly every conceivable form of identity theft and wreak havoc on the financial and personal lives of potentially millions of individuals,” the lawsuit said.

The filing alleges Orrick failed to create and implement reasonable data security practices, including training employees and others who accessed the information. It also alleges that the firm didn’t tell individuals their data had been compromised for four months after the incursion.

Accusing the firm of negligence, breaches of fiduciary duty, confidence, and implied contract, and invasion of privacy, the plaintiff Robert Jensen seeks certification of a class of those who received letters notifying them of the breach.

Firm representatives didn’t immediately respond to a request for comment.

The firm Aug. 11 was sued, also in San Francisco federal court, brought by the same law firms, Green & Noblin PC and Federman & Sherwood.

The case isJensen v. Orrick, Herrington & Sutcliffe, LLP, N.D. Cal., No. 3:23-cv-04433, filed 8/28/23.