GrayRobinson, P.A., a prominent Florida-based law firm, is facing a proposed class action lawsuit alleging negligence in the wake of a data breach that exposed the personal information of approximately 65,000 individuals. The breach, which occurred between March 5 and March 24, 2025, involved unauthorized access to the firm’s network, potentially compromising sensitive data such as names, dates of birth, Social Security numbers, driver’s license numbers, financial account information, medical records, and health insurance details. ([gray-robinson.com](https://www.gray-robinson.com/p/192/notice-of-incident?utm_source=openai))
The lawsuit, filed in the U.S. District Court for the Middle District of Florida, contends that GrayRobinson failed to implement adequate data security measures, thereby allowing the breach to occur. The plaintiffs argue that the firm’s “reckless” handling of personal information has placed affected individuals at an increased risk of identity theft and financial fraud. ([law360.com](https://www.law360.com/articles/2470667/grayrobinson-sued-over-reckless-data-security-measures?utm_source=openai))
Upon discovering the breach on March 24, 2025, GrayRobinson took immediate steps to secure its network and launched an investigation with the assistance of external cybersecurity professionals. The firm also notified law enforcement agencies and began informing affected individuals on April 24, 2026. In response to the incident, GrayRobinson is offering complimentary credit monitoring and identity protection services through Experian IdentityWorks to those impacted. ([gray-robinson.com](https://www.gray-robinson.com/p/192/notice-of-incident?utm_source=openai))
Data breaches involving law firms are particularly concerning due to the sensitive nature of the information they handle. This incident underscores the critical importance of robust cybersecurity protocols within the legal industry to protect client data and maintain trust. ([classactionu.org](https://classactionu.org/current-data-breaches/grayrobinson/?utm_source=openai))
As the legal proceedings unfold, the case against GrayRobinson is expected to shed light on the responsibilities of law firms in safeguarding client information and the potential consequences of failing to meet these obligations.