Ride the Lightning

Smith Gambrell Faces Two Class Actions: Alleged Late Disclosure of Breach Exposing Client Info

March 15, 2023

The ABA Journal reported on March 13 that two proposed class actions filed against Smith, Gambrell & Russell last week allege that the law firm failed to safeguard clients’ private information and waited too long to disclose a breach of its cloud-based database.

More than 19,000 people were affected, according to the first lawsuit, filed March 6 in federal court in the Northern District of Georgia. The breach puts affected people at risk for identity and fraud, according to the second suit, filed March 9 in the Central District of California.

 The “significant cybersecurity breach” happened in July 2021, according to the second suit. The firm learned of the breach in August 2021, but those affected weren’t notified until January 2023, the second suit says. The first suit, however, says the firm began notifying people of the breach a year later—in August 2022.

The breach exposed personal information, including names, Social Security numbers, health information and driver’s license numbers, the lawsuits say. Those affected include Smith Gambrell’s clients, customers and employees.

The first suit, Livingston v. Smith, Gambrell & Russell, alleges negligence, breach of implied contract and breach of the implied covenant of good faith and fair dealing. The second suit, Owens v. Smith, Gambrell & Russell, alleges negligence, invasion of privacy and violation of California law.

It does seem to me that there was a very long time between discovery of the breach and notification of those impacted.

Sharon D. Nelson, Esq., President, Sensei Enterprises, Inc.
3975 University Drive, Suite 225, Fairfax, VA 22030
Email:   Phone: 703-359-0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com
https://twitter.com/sharonnelsonesq
https://www.linkedin.com/in/sharondnelson
https://amazon.com/author/sharonnelson