this post was submitted on 05 Jan 2024
224 points (99.1% liked)

Technology

59207 readers
3055 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago
MODERATORS
L3s@lemmy.world
L3s@fry.gs
L4s@fry.gs
L4s@lemmy.world
enu@lemmy.world
224
Law firm that handles data breaches was hit by data breach | TechCrunch (techcrunch.com)
submitted 10 months ago* (last edited 10 months ago) by Elephant0991@lemmy.bleh.au to c/technology@lemmy.world
5 comments fedilink hide all child comments
 

cross-posted from: https://zerobytes.monster/post/5063838

I guess if the law firm handles its own data breach this way; you can expect the companies to handle the breaches the same way.

Summary

The international law firm Orrick, Herrington & Sutcliffe, specializing in handling security incidents for companies, suffered a cyberattack in March 2023, resulting in the exposure of sensitive health information belonging to over 637,000 data breach victims.

The stolen data included consumer names, dates of birth, postal address and email addresses, and government-issued identification numbers, such as Social Security numbers, passport and driver license numbers, and tax identification numbers. The data also includes medical treatment and diagnosis information, insurance claims information — such as the date and costs of services — and healthcare insurance numbers and provider details.

Orrick, serving as legal counsel during security incidents at other companies, revealed that the breach also affected clients such as EyeMed Vision Care, Delta Dental, MultiPlan, Beacon Health Options, and the U.S. Small Business Administration. The number of affected individuals tripled since the initial disclosure. Orrick reached a settlement for class action lawsuits in December, which accused Orrick of failing to inform victims of the breach until months after the incident, acknowledging the incident's impact and expressing regret for the inconvenience caused. The firm did not disclose details about the hackers' entry or whether a financial ransom was demanded.

top 5 comments
sorted by: hot top controversial new old
[–] crsu@lemmy.world 20 points 10 months ago

I work in infosec this is just plain amateur. Should have used an MS-DOS computer as the mainframe and kept it in a basement server room that is also a faraday cage. This is a room that is only accessible by Anthony Hopkins and his clone Blanthony Blopkins in a dual key system.

[–] Appoxo@lemmy.dbzer0.com 9 points 10 months ago (1 children)

They can discuss excellent rates for their internal affairs.

[–] Elephant0991@lemmy.bleh.au 6 points 10 months ago

Deeply discounted, yet with the satisfying conclusion that our external clients get! /s

[–] autotldr@lemmings.world 4 points 10 months ago

This is the best summary I could come up with:

An international law firm that works with companies affected by security incidents has experienced its own cyberattack that exposed the sensitive health information of hundreds of thousands of data breach victims.

Orrick works with companies that are hit by security incidents, including data breaches, to handle regulatory requirements, such as obtaining victims’ information in order to notify state authorities and the individuals affected.

The number of individuals known to be affected by this data breach has risen by threefold since Orrick first disclosed the incident.

Orrick said in its most recent data breach notice that it “does not anticipate providing notifications on behalf of additional businesses,” but did not say how it came to this conclusion.

Orrick spokesperson Jolie Goldstein said in a statement: “We regret the inconvenience and distraction that this malicious incident caused.

“We are pleased to reach a settlement well within a year of the incident, which brings this matter to a close, and will continue our ongoing focus on protecting our systems and the information of our clients and our firm,” added Orrick’s spokesperson.

The original article contains 509 words, the summary contains 178 words. Saved 65%. I'm a bot and I'm open source!

[–] ioslife@lemmy.sdf.org 2 points 10 months ago

NotTheOnion