The breach compromised hundreds of organizations and has sparked a proposed class action lawsuit
U.S. law firm Kirkland & Ellis has become embroiled in litigation concerning a wide-ranging data breach linked to the MOVEit Transfer file management software.
This breach, which compromised data at hundreds of organizations, has sparked a proposed class action lawsuit, Reuters reported. The lawsuit accused Kirkland & Ellis and several other companies, including health insurer Humana, of insufficiently safeguarding personal information affected by the May 2023 hack of MOVEit Transfer, developed by Massachusetts-based Progress Software. Hundreds of lawsuits have been filed against Progress and various other defendants, centralizing the litigation in Massachusetts federal court under U.S. District Judge Allison Burroughs.
The plaintiffs claimed that Kirkland & Ellis represented Trilogy Home Healthcare in its acquisition by Humana subsidiary CenterWell Home Health. Allegedly, Trilogy transferred legal files containing a "wide array" of private information to Kirkland using MOVEit. The lawsuit listed Progress Software, CenterWell, Trilogy, Kirkland, and Humana as defendants and has been filed on behalf of a proposed class of at least 4,700 individuals.
The hackers behind the breach, identified as the ransomware gang cl0p, claimed responsibility for stealing data from several law firms, including Kirkland and K&L Gates, in the weeks following the incident. Other notable victims included the University of California, Los Angeles, Siemens Energy, Abbvie, and Schneider Electric.
According to the complaint, Kirkland did not inform Trilogy of the software breach affecting its files until October, and Trilogy subsequently notified affected customers in March 2024. Plaintiff Judith Wilson stated she received a notification letter from Trilogy dated March 4, indicating that her personal information was compromised in the breach.
The increasing prevalence of law firms as defendants in data breach cases highlighted the growing concern over legal data security. Recently, a Chicago federal judge ruled that law firm Bryan Cave Leighton Paisner and snack food giant Mondelez must face part of a proposed class action over a data breach at Bryan Cave that compromised the personal information of thousands of Mondelez employees. Law firm Orrick, Herrington & Sutcliffe also agreed to a US$ 8 million settlement in another data breach case.