The identity of the law firm remains undisclosed. The ruling hinged on whether plaintiffs had adequately alleged concrete, present injuries stemming from the breach. The specific details of the data exposed and the scope of affected clients have not been made public.
For law firms and their insurers, the decision underscores the difficulty of obtaining early dismissal in data-breach litigation when plaintiffs allege unauthorized access to sensitive client information. The court's willingness to permit amendment signals that Michigan federal judges are applying a permissive standard at the motion-to-dismiss phase, making it more likely these cases will survive to discovery and settlement negotiations rather than terminating on procedural grounds.