A top legal firm that specializes in helping other organizations in the aftermath of a data breach has ironically suffered one such incident itself.
Orrick, Herrington & Sutcliffe has sent out a breach notification letter to affected individuals, confirming it had been the victim of an intrusion that happened in March 2023.
Usually, the company helps other victims remain compliant with state laws and regulations regarding data management, privacy, and communication. Among other things, the company collects victim information and uses it to notify state authorities.
Missing key details
It was this very data that the hackers made away with. Orrick claims threat actors stole people’s names, birth dates, postal and email addresses, Social Security Numbers (SSN), driver’s license numbers, and tax identification numbers. Furthermore, online account credentials, as well as credit and debit card numbers, were also taken.
Finally, hackers took data on medical treatment and diagnosis, insurance claims, insurance numbers, and more.
The victims include people with vision plans at EyeMed Vision Care, dental plans with Delta Dental, as well as those using MultiPlan, Beacon Health Options, and the U.S. Small Business Administration. In total, at least 637,000 people were affected.
Despite the large scale of the incident, some important details remain omitted. For example, we don’t know who the threat actors are, or how they infiltrated the company’s infrastructure (via malware, or social engineering, for example). We also don’t know if this was a ransomware attack and, if so, what the demands are, and whether the company plans on paying them or not.
Issuing a statement to TechCrunch, Orrick spokesperson Jolie Goldstein said: “We regret the inconvenience and distraction that this malicious incident caused. We made it our priority to resolve it as quickly as possible for our clients, the individuals whose data was impacted, and our team.”
Via TechCrunch
