Houser LLP, a business litigation law firm, is facing a class action lawsuit in California federal court. The lawsuit alleges that the firm’s negligence in adequately securing its files from Houser LLP data breach resulted in the exposure and theft of personal data belonging to a man named Richard McMillen in 2023.
According to McMillen’s complaint filed on Monday, Houser LLP failed to promptly notify affected individuals about the breach, waiting 10 months before doing so.
As a result, McMillen and potential class members have had to invest their time, energy, and money in closely monitoring their personally identifiable information to prevent any misuse. McMillen claims to be a customer of a client of Houser LLP.
The Houser LLP Data Breach, What Happened?
Houser LLP, a California-based firm, recently confirmed a cyberattack that occurred in May 2023.
The firm reported the incident to the Office of the Maine Attorney General, revealing that 326,386 individuals were impacted by the data breach.
The compromised information includes sensitive details such as Social Security numbers, driver’s license numbers, individual tax identification numbers, financial account information, and medical information.
“Plaintiff is very concerned about the theft of his PII and has and will continue to spend substantial amounts of time and energy monitoring his credit status,”
“Had plaintiff known that defendant or anyone in defendant’s position would not implement reasonable data security necessary to protect his PII, he would not have entrusted it, directly or indirectly, to defendant.”
The complaint says.
According to the complaint, the law firm became aware of the Houser LLP ransomware attack after discovering encrypted files on its system.
Upon investigation, the firm found that personal information files had been stolen from the network. The hackers demanded a ransom in exchange for the encryption key needed to access the files.
After notifying the affected parties in late February, Houser LLP took steps to mitigate the impact. They offered free credit monitoring services to the affected individuals and provided guidance on how to prevent identity theft and fraud.
“Assurances from cybercriminals that they deleted stolen, sensitive PII are worthless, as it involves trusting the very criminal actors who perpetrated the cyberattack in the first instance,”
“Despite the alleged deletion of the stolen data by the cyberthieves, Houser itself believes that there is still a threat to plaintiff and other affected persons of identity theft or fraud.”
The complaint says.
House LLP Class Action LawSuit
McMillen has filed a Class action lawsuit against Houser LLP, alleging negligence, invasion of privacy, breach of quasi-contract, and unjust enrichment. He is seeking class certification, as well as compensatory, punitive, and triple damages, along with attorney’s fees.
As of now, representatives from both parties have not responded to a request for comment regarding the matter.
McMillen is being represented by John J. Nelson of Milberg Coleman Bryson Phillips Grossman PLLC. However, information regarding the legal counsel for Houser LLP is currently unavailable.
The case is titled as “McMillen v. Houser LLP”, case number 8:24-cv-00468, in the U.S. District Court for the Central District of California.
This follows Google that has also recently settled a 5 billion lawsuit for tracking users in incognito mode.