Ohio-based law firm Bricker & Eckler LLP has agreed to settle a class action lawsuit following a data breach affecting 420,532 individuals. The law firm is regularly employed by healthcare clients. On January 31, 2021, Bricker & Eckler discovered certain files had been encrypted on its systems. The law firm promptly took action to restrict the attack and launched a comprehensive forensic investigation with the help of forensic cyber security specialists to determine the nature of the attack and what information had been accessed.
The investigation concluded that the threat actors had gained access to the firm’s systems between January 14, 2021, and January 31, 2021. In this period, the hackers had gained access to and exfiltrated files containing sensitive client information. The information obtained by the hackers included names, addresses, medical information, education-related information, driver’s license numbers, and Social Security numbers. Bricker & Eckler could not confirm whether the ransom had been paid, however the law firm did retrieve the stolen data. The HHS’ Office for Civil Rights was notified of the breach in April 2021 and complimentary identity theft protection and credit monitoring services were offered to affected individuals.
After receiving word of the breach, a class action lawsuit was immediately filed against Bricker & Eckler on behalf of affected individuals. The plaintiffs alleged that the law firm was negligent in protecting sensitive client data as they failed to implement reasonable safeguards to ensure the data’s confidentiality and had not followed recognized security practices. Despite no admission of liability or wrongdoing, Bricker & Eckler agreed to settle the lawsuit for $1.95 million. Under the terms of the settlement, class members may submit claims for reimbursement losses of up to $5,000. Claims can also be made for unauthorized account charges, the price of setting up credit monitoring services, and other reasonable costs. In addition, the law firm will implement a further number of safeguards in order to ensure a breach of this nature does not occur again. Class members who seek a claim must submit one by December 21, 2022. The settlement’s final approval is due to take place on November 17, 2022.
