Blank Rome has been hit with a proposed class action in the United States after a cybersecurity incident allegedly exposed the personal information of tens of thousands of current and former clients, adding the firm to a growing list of legal practices facing litigation over data breaches.
The lawsuit, filed in a federal court in Pennsylvania, claims the law firm failed to adequately protect confidential client information from hackers during a cyberattack that occurred on May 21. According to the complaint, approximately 57,554 individuals were affected.
The lead plaintiff, Laura Delapaz of California, alleges that the compromised information included names, residential addresses, dates of birth, Social Security numbers and taxpayer identification details. The suit further contends that Blank Rome did not notify those impacted until more than a month after the breach, leaving them exposed to potential identity theft and financial fraud.
Blank Rome has rejected the allegations, describing the incident as a limited security event. The firm said the breach stemmed from a sophisticated social engineering attack in which an individual posing as a member of the firm’s information technology team convinced one of its attorneys to upload files to an external file-sharing platform.
The firm maintains that it acted appropriately and has vowed to contest the claims in court, stating that it considers the lawsuit to be without merit.
The complaint argues that the incident was preventable and accuses the firm of failing to provide adequate cybersecurity training to employees while also neglecting to implement reasonable safeguards capable of protecting sensitive client information.
The case reflects a broader trend affecting the legal industry, where law firms have increasingly become attractive targets for cybercriminals. Because they routinely handle confidential financial records, corporate documents, litigation files and personal data, law firms often possess information that can be highly valuable to hackers.
In recent years, several prominent U.S. law firms have faced similar lawsuits following cybersecurity incidents, with some choosing to resolve the claims through settlements while others continue to defend themselves in court.
The proposed class action seeks to hold Blank Rome accountable for the alleged failure to secure client data and for the consequences suffered by those whose personal information was exposed.


