Washington, D.C.

Top D.C. Law Firm Smacked With Suit Over Social Security Data Scare

AI Assisted Icon
Published on July 15, 2026
Top D.C. Law Firm Smacked With Suit Over Social Security Data ScareSource: Wikipedia/ajay_suresh, CC BY 4.0, via Wikimedia Commons

Wilmer Cutler Pickering Hale & Dorr, better known as WilmerHale, is staring down a proposed class action after an unauthorized party got hold of a limited batch of sensitive data, including names and Social Security numbers. The complaint, filed July 14 in federal court in Washington, D.C., was brought by Jason Perry on behalf of himself and thousands of others who are seeking unspecified monetary damages along with changes to the firm's security practices. The lawsuit landed shortly after a Vermont attorney general breach listing indicated about 11 Vermont residents were affected.

The lawsuit

According to Reuters, the case is docketed in the U.S. District Court for the District of Columbia as 1:26-cv-02470, with Perry serving as lead plaintiff. The filing lists Laura Grace Van Note of Cole & Van Note and David Wise of Wise Law Firm as plaintiff counsel. The complaint alleges WilmerHale failed to adequately protect personally identifiable information and asks the court for unspecified monetary relief and court ordered security improvements.

Firm's response

WilmerHale, in a statement to Reuters, acknowledged that "an unauthorized third party recently obtained a limited set of information from the firm" but said the third party "did not directly access the firm's systems or network." The firm characterized the incident as isolated, said "no internal data was misused or disseminated," and added that it is continuing to investigate what happened.

Vermont notice and outside scrutiny

Federman & Sherwood, a national consumer protection law firm, reports that the incident was disclosed to the Vermont Attorney General and notes that a July 10 notice listed about 11 Vermont residents as affected. According to the firm, the potentially compromised information may include Social Security numbers, and Federman & Sherwood says it is looking into whether WilmerHale maintained reasonable safeguards. The Vermont notice, combined with the federal lawsuit, has prompted outside counsel to begin outreach and inquiries on behalf of people who may have been swept up in the breach.

Why law firms are being targeted

Security experts say law firms make tempting marks because they sit on large troves of sensitive client and employee data while depending on a thicket of third party tools that can expand their attack surface. Bloomberg Law notes an uptick in attacks and related class actions, with plaintiffs frequently alleging negligence and breach of fiduciary duty and asking courts to order audits, security upgrades, and credit monitoring. That pattern has led to settlements and significant litigation risk for firms when Social Security numbers and other highly sensitive details are at issue.

Legal implications

State breach notification and data security rules do not line up neatly across the country, and the National Conference of State Legislatures points out that jurisdictions set different timelines and thresholds for alerting attorneys general and affected residents. If state regulators or attorneys general decide to dig in, law firms can face enforcement actions on top of private lawsuits, while plaintiffs may push for injunctive relief, damages, and systemic security changes. The WilmerHale case is poised to test how courts weigh exposure risk, proof of harm, and appropriate remedies in the context of law firm cyber incidents.

The case is still in its early pleadings stage in D.C. federal court under docket number 1:26-cv-02470. WilmerHale says it is continuing to investigate the incident, and outside firms and consumer attorneys are closely watching as the litigation moves toward discovery.