Orrick, Herrington & Sutcliffe, a law firm that specializes in cyberattacks, last week disclosed that more than 600,000 individuals were impacted by a data breach that happened in early 2023.
Between February 28 and March 13, 2023, the company said attackers had unauthorized access to a portion of its network, including a file share storing files related to Orrick’s clients.
“Orrick has identified no evidence of further unauthorized activity since detecting the security incident on March 13,” the company said.
Orrick said its analysis of the exposed files determined that personal information pertaining to the customers of its clients was compromised in the attack, and that notification letters were sent to the impacted individuals starting June 2023.
Some of these individuals, the law firm said, were customers of companies that suffered data breaches. Their information was shared with Orrick to facilitate the provision of legal counseling to those companies.
The compromised personal information includes names, addresses, dates of birth, Social Security numbers, driver’s license or other government ID numbers, passport numbers, email addresses, financial account details, tax identification numbers, medical and health information, health insurance and healthcare provider details, online account credentials, and credit or debit card numbers.
“Orrick deployed additional security measures and tools with the guidance of third-party experts to strengthen the ongoing security of its network. Orrick is not aware of any misuse of the affected personal information,” the company said.
Orrick informed the Maine AGO that the incident impacted close to 638,000 individuals, customers of entities such as Carelon (previously Beacon Health Options), Delta Dental, EyeMed Vision Care, MultiPlan, and US Small Business Administration.
In December, the law firm said it had reached a tentative settlement in four class action suits related to the data breach, Reuters reported.
Founded in San Francisco in 1863, Orrick provides counseling on transactions, litigation, and regulatory matters for financial, government, infrastructure, technology, and other types of organizations.