[BreachExchange] Client Sues Law Firm for Failing to Disclose Data Breach

Destry Winant destry at riskbasedsecurity.com
Tue Mar 31 10:30:16 EDT 2020


https://lawstreetmedia.com/tech/client-sues-law-firm-for-failing-to-disclose-data-breach/

On March 27, Hiscox Insurance Company Inc. filed a complaint against
law firm Warden Grier for concealing a 2016 data breach. The complaint
alleges that Warden Grier chose not to disclose the data breach to
Hiscox, thereby breaching a contract between the two parties. This
case is being held in the Missouri Western District Court before Judge
Nanette K. Laughrey.

The complaint states that Warden Grier was the target of a December
2016 data breach, caused by an international hacker organization known
as “The Dark Overlord.” The hackers allegedly gained unauthorized
access to the firm’s servers, which contained sensitive and personal
information belonging to Hiscox and its insureds. Warden Grier
allegedly paid a ransom to the hackers so they would not disseminate
the information.

Warden Grier contacted the FBI and outside attorneys to investigate,
but they did not inform Hiscox of the matter. The insurance company
allegedly had no knowledge of the breach or the subsequent ransom
until March 28, 2018, when one of its employees “learned by
happenstance, through social media,” that some of the personal
information “had been leaked on the ‘dark web.’”

Hiscox is an Illinois-based insurance provider that insures risks
throughout the United States. According to the complaint, “As early as
2002, Hiscox entered into a working relationship with Warden Grier to
render professional services on behalf of Hiscox, and on behalf of
Hiscox’s insureds.” This relationship was governed by two Terms of
Engagement contracts that stated Warden Grier’s obligation “to take
adequate measures to protect sensitive [personal information]”
belonging to Hiscox, and to “notify Hiscox of any failure to maintain
the confidentiality of [personal information] belonging to Hiscox and
its insureds.”

As a result of the alleged negligence and breach of contract, Hiscox
seeks over $1,500,000 in damages.


More information about the BreachExchange mailing list