Top law firm specialized in data breaches… affected by data breaches
A leading law firm that specializes in helping other organizations in the aftermath of a data breach has ironically suffered such an incident itself.
Orrick, Herrington & Sutcliffe has sent a breach notification letter to affected individuals, confirming that they were victims of a burglary that occurred in March 2023.
Typically, the company helps other victims stay compliant with state laws and regulations regarding data management, privacy, and communications. Among other things, the company collects information about victims and uses it to notify government authorities.
Missing important details
It was precisely this data that the hackers got away with. Orrick claims that threat actors have stolen people's names, dates of birth, mailing and email addresses, Social Security Numbers (SSN), driver's license numbers, and tax identification numbers. In addition, online account login details and credit and debit card numbers were also used.
Finally, hackers have collected data on medical treatments and diagnoses, insurance claims, insurance numbers, and more.
The victims include people with vision plans at EyeMed Vision Care, dental plans at Delta Dental, as well as people using MultiPlan, Beacon Health Options and the U.S. Small Business Administration. In total, at least 637,000 people were affected.
Despite the large scale of the incident, some important details are left out. For example, we don't know who the threat actors are, or how they infiltrated the company's infrastructure (e.g., via malware or social engineering). We also don't know if this was a ransomware attack and, if so, what the demands are and whether the company plans to pay them or not.
Orrick spokesperson Jolie Goldstein said in a statement to TechCrunch: “We regret the inconvenience and distraction this malicious incident caused. We have made it our priority to resolve the issue as quickly as possible for our customers, the individuals whose data was affected, and our team.”
Through TechCrunch