Particle.news
Download on the App Store

Blank Rome Sued After 57,554 Clients' Data Was Exposed When an Attorney Was Tricked

Plaintiffs say the incident shows firm-level security failures that exposed Social Security and medical records and could drive stricter rules for law-firm cybersecurity.

Overview

  • The complaints filed in the Eastern District of Pennsylvania say an attacker posing as IT convinced a Blank Rome attorney to upload files to an external Google Drive on May 21, exposing data for 57,554 current, former and prospective clients.
  • Plaintiffs say the exposed records include names, Social Security numbers, addresses, dates of birth, driver’s license and passport numbers, and medical and health insurance information.
  • Blank Rome says it discovered the incident within two hours, removed the files, notified law enforcement, engaged cybersecurity experts, and offered complimentary credit monitoring to affected people.
  • The suits, filed July 6–7, accuse the firm of negligence, breach of contract, failure to meet industry and federal medical-privacy safeguards, delayed notification to clients and seek class certification plus longer or lifetime identity-restoration services.
  • The case fits a growing trend of lucrative class actions against law firms after breaches and could prompt closer regulatory or bar scrutiny of law-firm cybersecurity and training practices.