Orrick settles data breach lawsuits for $8m

US law firm Orrick, Herrington & Sutcliffe has agreed to pay $8m to settle a class action filed by plaintiffs whose personal information was stolen in a data breach in March 2023. The settlement is in relation to consolidated claims against the firm but Orrick stresses in the agreement that it denies that it failed to properly protect any personal data, had inadequate data security, or breached any laws.

The settlement is made, according to an agreement filed on 11 April in the US District Court in the Northern District of California, in light of the fact that the parties recognise the expense, difficulties and length of proceedings necessary to continue litigation, and the burden of proof necessary to establish liability and damages for the alleged claims.

The settlement benefits include three years of credit monitoring and identity protection services, including dark web monitoring, plus $1,000,000.00 in identity theft insurance. Orrick will also cover some ‘out of pocket expenses’ capped at $2,500, including costs and expenses spent addressing identity theft or fraud. Any claimant who wants to claim for ‘extraordinary losses’ around identity theft will have to prove that the losses stemmed from the data breach. Those costs are capped at $7,500.

The settlement fund will be used to pay for administration costs and attorney fees approved by the Court. The order says that in no event will Orrick be obliged to pay more than the $8m in connection with settling the action. It also states that the agreement will become null and void and cannot be used in a claim if the claimants were to issue further proceedings.

An Orrick spokesperson said: “We regret the inconvenience and distraction that this malicious incident caused. We made it our priority to resolve this matter as quickly as possible for our clients, the individuals whose data was impacted, and our team. We are pleased to reach this settlement, which brings this matter to a close, and will continue our ongoing focus on protecting our systems and the information of our clients and our firm.”

newroom@legaltechnology.com