Security Affairs
U.S. Government Agency Paid $1M to Data Extortion Group Kairos|FBI: TeamPCP Compromised Dev Tools to Steal Cloud Credentials|Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|U.S. Government Agency Paid $1M to Data Extortion Group Kairos|FBI: TeamPCP Compromised Dev Tools to Steal Cloud Credentials|Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Law firm Orrick data breach impacted 638,000 individuals

Law firm Orrick, Herrington & Sutcliffe disclosed a data breach that took place in early 2023, which impacted roughly 600,000 individuals. The law firm Orrick, Herrington & Sutcliffe, disclosed a data breach that impacted 638,000 individuals. An authorized actor gained access to the company network between February 28 and March 13. The intruders gained access […]

Xsolis

Law firm Orrick, Herrington & Sutcliffe disclosed a data breach that took place in early 2023, which impacted roughly 600,000 individuals.

The law firm Orrick, Herrington & Sutcliffe, disclosed a data breach that impacted 638,000 individuals.

An authorized actor gained access to the company network between February 28 and March 13. The intruders gained access to a storage containing files related to the clients of the law firm.

Orrick, Herrington & Sutcliffe LLP is a global law firm with a focus on serving clients in the technology, energy, and financial sectors. It provides legal services in various practice areas, including corporate, finance, litigation, intellectual property, and cybersecurity. The firm has offices in multiple countries and is known for its representation of technology and innovation-driven companies.

Some of these people were customers of Orrick’s clients who suffered data breaches.

Orrick explained that it immediately took steps to block the unauthorized access and launched an investigation into the security incident.

“On March 13, 2023, Orrick detected that an unauthorized third party gained remote access to a portion of its network, including a file share that Orrick used to store certain client files.” reads the data breach notification.

“Orrick also notified law enforcement. Orrick has identified no evidence of further unauthorized activity since detecting the security incident on March 13.”

The law firm notified the impacted clients’ customers, and the exposed info varies for each individual. The information affected may have included: name, address, email address, date of birth, Social Security number, driver’s license or other government-issued identification number, passport number, financial account information, tax identification number, medical treatment and/or diagnosis information, claims information (date, cost of services, and claims identifiers), health insurance.

In December 2023, the law firm announced that it was working out a settlement with class action plaintiffs who said their personal information was compromised in a March 2023 data breach.

Reuters reported that Orrick, in a court filing in San Francisco federal court, said it reached an agreement in principle to settle four consolidated lawsuits brought on behalf of hundreds of thousands of alleged victims of the breach.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, data breach)