A major U.S. law firm, WilmerHale, is facing a proposed class action in a federal court in Washington, D.C., after a cybersecurity incident allegedly exposed sensitive personal information belonging to clients and others connected to the firm.
The lawsuit, filed by Nevada resident Jason Perry, claims the firm failed to implement adequate safeguards to protect personally identifiable information stored on its systems. According to the complaint, the compromised data may have included names, Social Security numbers, and other confidential details.
Perry is seeking to represent a broader group of individuals who were allegedly affected by what the lawsuit describes as a large-scale and avoidable cyberattack. He states that the affected individuals had entrusted their personal information to the firm in connection with legal services and expected it to be properly secured.
In response, WilmerHale acknowledged that a third party recently obtained a limited amount of information during an incident that has affected several organizations across the legal sector. The firm maintained that its investigation indicates the event was isolated and that there is no evidence its internal systems were directly compromised or that any information was misused or publicly distributed.
The firm added that it is continuing to strengthen its cybersecurity defenses to address increasingly sophisticated digital threats.
Perry alleges he was notified by WilmerHale that his personal information had been involved in the breach. The complaint does not specify the nature of his relationship with the firm, which has more than 1,100 lawyers operating across offices in the United States and Europe.
Representatives for the plaintiff argued that the incident highlights serious shortcomings in data protection, particularly given the volume of highly confidential information handled by international law firms. They also noted that the full scale of the breach has not been publicly disclosed, although notifications have reportedly been submitted in multiple U.S. states.
The complaint alleges the security breach occurred in May but does not identify those responsible or explain how the attackers gained access. It simply states that one or more unauthorized parties obtained sensitive personal information belonging to members of the proposed class.
A data breach notification posted by the Vermont Attorney General’s office lists WilmerHale among organizations reporting a recent cybersecurity incident, indicating that 11 Vermont residents were affected.
The lawsuit seeks financial compensation for affected individuals along with a court order requiring WilmerHale to strengthen its data security practices and improve protections against future cyberattacks.
The case adds to a growing wave of litigation targeting prominent law firms over data breaches. In recent months, firms including Blank Rome, Fox Rothschild, Wiley Rein, and Pillsbury have also faced class action lawsuits stemming from cybersecurity incidents, underscoring the increasing focus of cybercriminals on the legal industry.


