Law Firm Houser LLP Failed to Prevent May 2023 Data Breach, Class Action Claims

New to ClassAction.org? Read our Newswire Disclaimer

Houser LLP faces a proposed class action lawsuit over a May 2023 cyberattack that compromised the personal data of more than 326,000 people.

Want to stay in the loop on class actions that matter to you? Sign up for ClassAction.org’s free weekly newsletter here.

The 32-page data breach lawsuit says that the ransomware attack affected customers of the law firm’s clients, exposing personal information such as their names, Social Security numbers, driver’s license numbers, tax identification numbers, financial account details and medical information.

According to the Houser data breach notice letter, the law firm discovered on May 9, 2023 that certain files on its network had been encrypted. A subsequent investigation revealed that between May 7 and May 9, an unauthorized third party had accessed Houser’s computer systems and exfiltrated certain data stored therein, the notice relays.

As the suit tells it, the cybercriminals behind the intrusion made ransom demands in exchange for a decryption key for the encrypted files. Houser purportedly paid the ransom in June 2023, at which time the hackers claimed to have deleted the stolen data, the case shares.

“However, assurances from cybercriminals that they deleted stolen, sensitive [personally identifiable information] are worthless, as it involves trusting the very criminal actors who perpetrated the cyberattack in the first instance,” the suit says.

Notwithstanding, the law firm could have prevented the data breach entirely had it properly secured its network against cyberattacks, the complaint contends. The filing argues the defendant failed to implement data security measures appropriate to the nature of the sensitive information in its care.

The lawsuit also takes issue with Houser’s delayed notification of data breach victims. Although the law firm purports to have detected the incident in May 2023, it did not begin to notify impacted individuals until late February 2024, more than nine months later, the suit says.

The plaintiff, a Florida resident, received notice from Houser in February of this year informing him that his personal data had been compromised in the breach, the case relays. Like other victims, the man now faces a significantly increased risk of identity theft, fraud and other illegal schemes as a result of the firm’s negligence, the complaint claims.

The lawsuit looks to represent anyone in the United States whose personal information was maintained on Houser’s servers and compromised in the data breach.

Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s free weekly newsletter here.