<html xmlns="http://www.w3.org/1999/xhtml"><head><title>Law firm Kirkland sued in class action over MOVEit data breach</title></head><body>

By Sara Merken

June 10 (Reuters) -U.S. law firm Kirkland & Ellis, the world's largest law firm by revenue, has been pulled into U.S. litigation over a wide-ranging data breach linked to a file transfer tool that compromised data at hundreds of organizations.

A proposed class action filed on Friday accused Kirkland and several other companies, including health insurer Humana, of not doing enough to safeguard personal information that was affected by a May 2023 hack of Massachusetts-based Progress Software's MOVEit Transfer file management software.

Hundreds of lawsuits over the data breach that affected millions of peoplehave been filed against Progress and a growing number of defendants since last year, and have been centralized in Massachusetts federal court. U.S. District Judge Allison Burroughs is overseeing the multidistrict litigation.

Kirkland represented home healthcare agency Trilogy Home Healthcare in its acquisition last year by Humana subsidiary CenterWell Home Health, the lawsuit said. Trilogy allegedly transferred legal files that contained a "wide array" of private information to Kirkland using MOVEit.

The lawsuit named Progress, CenterWell and Trilogy as defendants in addition to Kirkland and Humana. It was filed on behalf of a proposed class of at least 4,700 people.

Spokespersons for Kirkland and Progress declined to comment. A Humana spokesperson did not immediately respond to requests for comment.

A lawyer for the plaintiffs also did not immediately respond to a request for comment.

The hackers behind the massive breach, the ransomware gang known as cl0p, claimed credit for stealing data from law firms including Kirkland and K&L Gates, in the weeks afterward. Other victimsincluded the University of California, Los Angeles, Siemens Energy, Abbvie and Schneider Electric.

Kirkland did not inform Trilogy that the software breach affected its files until October, and Trilogy did not notify affected customers until March 2024, according to the complaint.

The plaintiff, Judith Wilson, alleged that she received a letter from Trilogy dated March 4 that said the breach impacted her personal information.

Law firms are increasingly common defendants in data breach cases.

A Chicago federal judgeruled last week that law firm Bryan Cave Leighton Paisner and snack food giant Mondelez must face at least part of a proposed class action over a data breach at the law firm that compromised personal information belonging to thousands of Mondelez employees.

Law firm Orrick, Herrington & Sutcliffe recently agreed to an $8 million settlement in a data breach case.

The case is Wilson v. Progress Software Co, U.S. District Court for the District of Massachusetts, No. 1:24-cv-11492

For the plaintiff: Karen Hanson Riebel of Lockridge Grindal Nauen

For the defendants: Not immediately known

</body></html>