The lawsuits, filed July 6 in the Eastern District of Pennsylvania, name Blank Rome as defendant and include lead plaintiffs Laura Delapaz and former California clients. The complaints allege negligence, breach of contract, breach of fiduciary duty, and violations of consumer protection statutes, specifically targeting the firm's failure to implement adequate staff training to identify social engineering schemes and its lack of industry-standard cybersecurity safeguards. The plaintiffs cite violations of HIPAA and the Federal Trade Commission Act.
Attorneys should monitor this case as a bellwether for data breach liability in the legal sector. The scale of exposure—over 57,000 individuals with critical identity data—and the straightforward negligence theory (inadequate IT security training) create significant precedent for similar claims against other firms. As the FBI has previously warned the legal profession about IT impersonation scams, courts may view failures to implement basic defense protocols as particularly culpable. Firms should audit their own email authentication systems, staff training protocols, and file-sharing restrictions now.