Class-Action Suit Targeting Law Firm Privacy Protections Could Be Unsealed

Photo by Spencer Weiner-Pool/Getty Images

The privacy focused class-action law firm Edelson P.C. announced it has filed a federal class-action under seal that targets a Chicago-based regional law firm for data security holes.

On Thursday morning, name partner Jay Edelson tweeted that he had filed a motion to unseal the complaint against the unnamed firm:


In an interview with Big Law Business in March, Edelson explained that his firm had conducted a year-long investigation and identified 15 major law firms with inadequate cybersecurity. He said his firm planned to file a series of lawsuits that target data security vulnerabilities at law firms on behalf of firm clients who have concerns about how their data is being protected.

“We file under seal so that, while the problem is still outstanding, hackers are not alerted to the holes,” Edelson said on Thursday.

In the case against the unnamed Chicago firm, the lawsuit asked for a temporary restraining order until the law firm patched its security holes. Now that’s been resolved, Edelson said, and he has asked the judge to unseal the entire case file, which would bring the identity of the law firm into the public.

About the defendant, Edelson said only that it is a regional firm that has been “an outspoken voice” on the need for law firms to improve cybersecurity, even saying failure to do so could be malpractice. But the firm suffered from a series of vulnerabilities which meant a sophisticated hacker could gain access to internal billing records and possibly email, according to Edelson.

Here’s some more information from Edelson:

• The lawsuits seek injunctive relief and damages.

• The complaints seek damages on the theory that “the law firm’s clients have — for decades — been overpaying for legal services (because they have been paying, in part, to keep their data secure — and the law firm hasn’t been keeping up with their end of the bargain.”

We’ll post updates when more information is available.

In March, Cravath Swaine & Moore took the rare step of publicly acknowledging that it had been hacked, and Big Law Business reported that the Edelson law firm — a Chicago-based plaintiff’s side shop that focuses on data security class actions — was planning a series of lawsuits against major law firms.

It is the latest sign that law firms continue to face scrutiny around their cybersecurity practices: Earlier this year, the FBI also issued an alert to law firms that they had discovered a hacker who planned to target international law firms as part of an insider-trading ring. In 2015, Citigroup issued an internal report that found “digital security at many law firms, despite improvements, generally remains below the standards for other industries.”

Have any other information? Email