Kirkland & Ellis faces lawsuit over data breach involving MOVEit software

The breach compromised hundreds of organizations and has sparked a proposed class action lawsuit

Kirkland & Ellis faces lawsuit over data breach involving MOVEit software

U.S. law firm Kirkland & Ellis has become embroiled in litigation concerning a wide-ranging data breach linked to the MOVEit Transfer file management software.

This breach, which compromised data at hundreds of organizations, has sparked a proposed class action lawsuit, Reuters reported. The lawsuit accused Kirkland & Ellis and several other companies, including health insurer Humana, of insufficiently safeguarding personal information affected by the May 2023 hack of MOVEit Transfer, developed by Massachusetts-based Progress Software. Hundreds of lawsuits have been filed against Progress and various other defendants, centralizing the litigation in Massachusetts federal court under U.S. District Judge Allison Burroughs.

The plaintiffs claimed that Kirkland & Ellis represented Trilogy Home Healthcare in its acquisition by Humana subsidiary CenterWell Home Health. Allegedly, Trilogy transferred legal files containing a "wide array" of private information to Kirkland using MOVEit. The lawsuit listed Progress Software, CenterWell, Trilogy, Kirkland, and Humana as defendants and has been filed on behalf of a proposed class of at least 4,700 individuals.

The hackers behind the breach, identified as the ransomware gang cl0p, claimed responsibility for stealing data from several law firms, including Kirkland and K&L Gates, in the weeks following the incident. Other notable victims included the University of California, Los Angeles, Siemens Energy, Abbvie, and Schneider Electric.

According to the complaint, Kirkland did not inform Trilogy of the software breach affecting its files until October, and Trilogy subsequently notified affected customers in March 2024. Plaintiff Judith Wilson stated she received a notification letter from Trilogy dated March 4, indicating that her personal information was compromised in the breach.

The increasing prevalence of law firms as defendants in data breach cases highlighted the growing concern over legal data security. Recently, a Chicago federal judge ruled that law firm Bryan Cave Leighton Paisner and snack food giant Mondelez must face part of a proposed class action over a data breach at Bryan Cave that compromised the personal information of thousands of Mondelez employees. Law firm Orrick, Herrington & Sutcliffe also agreed to a US$ 8 million settlement in another data breach case.

Recent articles & video

There are tools to fight 'deep fakes' but there are limitations, OBA webinar attendees told

Alberta Court of Appeal to reconsider decision on disciplinary costs for regulatory bodies

BC Supreme Court awards damages despite credibility and pre-existing condition concerns

Ontario Superior Court requires father to undergo counseling before resuming parenting time

Ontario Court of Appeal increases fine for Dairy Queen in workplace injury case

BC Supreme Court denies application to sue on behalf of father's estate

Most Read Articles

Support orders not automatically spent if ‘child of marriage’ hits age of majority: BC appeal court

US federal judge upholds law suspending 97-year-old appeals judge

BC Supreme Court partially varies will to ensure fair estate distribution

Ontario Superior Court approves settlement in mortgage renewal class action