Cyber Incident Victim: Reyes & Barsoum L.L.P.
Date:
Apr 2014
Location:
United States of America
Summary
A lawsuit alleges three major California workers compensation insurers—Berkshire Hathaway Homestate, Cypress Insurance, and Zenith Insurance—directed private investigators to illegally hack confidential attorney-client files from Reyes & Barsoum L.L.P., compromising over 32,000 injured workers' Social Security numbers, medical records, addresses, and privileged litigation documents. Investigators William Reynolds and Oliver Glover admitted to downloading thousands of files through unauthorized server access, allegedly enabling insurers to gain unfair advantages in claims disputes and reduce settlement payouts. The breach was discovered when opposing counsel presented unlawfully obtained documents during a workers compensation hearing, revealing compromised data stored on HQSU Sign Up Services' platform. A related class action remains pending in federal court.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 2 actors | Available to members | Available to members |
Description
The incident originated from a 2016 federal lawsuit filed by Adela Gonzalez in the U.S. District Court for the Central District of California, Los Angeles, alleging systematic unauthorized access to confidential workers' compensation files. Gonzalez, represented by Reyes & Barsoum L.L.P., claimed three major insurers—Berkshire Hathaway Homestate Companies, Cypress Insurance, and Zenith Insurance—contracted private investigators William Reynolds and Oliver Glover to illegally access attorney-client privileged documents stored on law firm servers. The compromised data included Social Security numbers, birth dates, home addresses, medical records, and litigation materials belonging to over 32,000 injured workers. HQSU Sign Up Services Inc., a Palmdale-based firm hosting the sensitive data, was implicated as the repository breached during the multi-year intrusion. Investigators reportedly used stolen credentials or vulnerabilities to extract claimant files, enabling insurers to gain strategic advantages in settlement negotiations and litigation by accessing opposing counsel's confidential work product.
The intrusion timeline extended from at least April 2014, when Workers' Compensation Appeals Board Judge Paige Levy discovered Knox Ricksen L.L.P. attorneys possessed privileged intake documents during a hearing, prompting disclosure that HQSU's web platform was the source. Reynolds admitted before the California Workers' Compensation Appeals Board to downloading 33,000+ files, while Glover acknowledged unauthorized access during a 2015 Los Angeles Superior Court deposition. The Gonzalez complaint asserted insurers directed the hacking campaign to reduce claim payouts, with damages remaining unspecified in the class-action filing. A related 2015 case, Hector Casillas v. Berkshire Hathaway Homestate Companies et al., remained pending in parallel proceedings. No containment measures, technical remediation details, or regulatory responses were documented in available materials, though the breach exposed systemic vulnerabilities in legal data stewardship for workers' compensation litigation.