Kirkland & Ellis, the country’s largest law firm by revenue, faces significant legal scrutiny following a broad data breach impacting approximately 2,600 companies. The firm has been named in a lawsuit filed in a Massachusetts federal court, which is part of a multidistrict litigation stemming from a hack of Progress Software Corp.’s MOVEit file transfer software by Russian cybercriminals in May. More than 300 defendants have already been named as part of this litigation, according to data from the US Courts system.
The cyberattack involved unauthorized access to files transferred by Trilogy Home Healthcare to Kirkland & Ellis. The data in question included personally identifiable information such as Social Security numbers and health records. Trilogy Home Healthcare, Kirkland & Ellis, and Humana Inc.—the acquiring company in Trilogy’s 2023 acquisition—are all named as defendants in the lawsuit, which can be reviewed here.
The lawsuit alleges that Kirkland & Ellis failed to implement and maintain adequate data privacy and security measures to protect the sensitive information of class members. The ransomware group responsible for the hack publicized the law firm’s name among affected organizations in June last year; however, Trilogy was not informed of the breach’s extent until October, sparking criticism over the delay.
This incident is part of a wider pattern, as the data breach last year also affected other major firms such as K&L Gates and Proskauer Rose, as noted by The American Lawyer. A spokeswoman for Kirkland & Ellis declined to comment on the ongoing lawsuit. The case is pending as Wilson v. Progress Software Company, D. Mass., No. 1:24-cv-11492, filed June 7, 2024.
Additional details can be found in the original article by Bloomberg Law.