Another US law firm reaches data breach settlement as cyber risks mount
Updated to include approval of Orrick settlement in paragraph 6.
By Sara Merken
Nov 8 (Reuters) -Florida business law firm Gunster has agreed to pay $8.5 million to resolve a proposed class action over a 2022 data breach that allegedly exposed the personal and health information of thousands of people.
Lawyers for the plaintiffs submitted the proposed settlement in Florida federal court on Thursday. It would resolve one of two cases filed this year against West Palm Beach-founded Gunster over a data security incident that allegedly compromised the personal data of nearly 10,000 people, including former and current clients and employees.
The agreement is subject to approval by U.S. District Judge Aileen Cannon. Gunster has denied the allegations and did not admit wrongdoing.
A Gunster representative on Friday said the firm will not comment on pending litigation. The firm's outside lawyers and a lawyer for the plaintiffs did not immediately respond to requests for comment.
The legal industry has been the target of growing cybersecurity attacks, including against law firms that often possess valuable confidential client information.
Orrick, Herrington & Sutcliffe in April reached an $8 million deal to settle a lawsuit over abreach that allegedly compromised personal data held by the firm on more than 600,000 people. A federal judge approved that settlement on Friday, according to an attorney for the plaintiffs.
Bryan Cave Leighton Paisner and snack food giant Mondelez reached a tentative $750,000 settlement in another data breach case last month.
The U.S. federal judiciary on Wednesday issued warnings about emails mimicking notifications of electronic court filings that seek to lure attorney recipients to a malicious website with computer viruses.
Plaintiff Mary Jane Whalen, a New York resident and former Gunster client, and plaintiff Christine Rona, a New York resident who was employed by Gunster to give healthcare services to the firm's high net worth clients, alleged in a complaint that Gunster failed to take adequate measures to protect personal information, among other claims.
Personal and sensitive information such as names, dates of birth, Social Security and banking information was "exfiltrated by cybercriminals" from the firm, the complaint said. Gunster in April issued data breach notifications that said there was unauthorized access to its document management file system.
The complaint alleged Gunster was likely a target because it is a large law firm that collects personal information and creates and maintains entities for wealthy clients.
Judge Cannon on Tuesday paused the other case against Gunster pending approval of the settlement.
The case is Whalen et al v. Gunster, Yoakley & Steward, U.S. District Court for the Southern District of Florida, No. 9:24-CV-80612.
For the plaintiffs: John Yanchunis of Morgan & Morgan and Brian Murray of Glancy Prongay & Murray
For Gunster: Kristine Brown of Alston & Bird and Jacqueline Arango of Akerman
Reporting by Sara Merken
Related Assets
Latest News
Disclaimer: The XM Group entities provide execution-only service and access to our Online Trading Facility, permitting a person to view and/or use the content available on or via the website, is not intended to change or expand on this, nor does it change or expand on this. Such access and use are always subject to: (i) Terms and Conditions; (ii) Risk Warnings; and (iii) Full Disclaimer. Such content is therefore provided as no more than general information. Particularly, please be aware that the contents of our Online Trading Facility are neither a solicitation, nor an offer to enter any transactions on the financial markets. Trading on any financial market involves a significant level of risk to your capital.
All material published on our Online Trading Facility is intended for educational/informational purposes only, and does not contain – nor should it be considered as containing – financial, investment tax or trading advice and recommendations; or a record of our trading prices; or an offer of, or solicitation for, a transaction in any financial instruments; or unsolicited financial promotions to you.
Any third-party content, as well as content prepared by XM, such as: opinions, news, research, analyses, prices and other information or links to third-party sites contained on this website are provided on an “as-is” basis, as general market commentary, and do not constitute investment advice. To the extent that any content is construed as investment research, you must note and accept that the content was not intended to and has not been prepared in accordance with legal requirements designed to promote the independence of investment research and as such, it would be considered as marketing communication under the relevant laws and regulations. Please ensure that you have read and understood our Notification on Non-Independent Investment. Research and Risk Warning concerning the foregoing information, which can be accessed here.