Menu
Browse

Cyber Incident Victim: WilmerHale

Date:

May 2026

Location:

United States of America

Summary

WilmerHale experienced a data breach in which an unauthorized third party obtained a limited set of client personal information. The firm notified affected clients that their information could have been accessed and stated the breach was isolated and quickly contained, with no evidence of misuse. A putative class action lawsuit was filed alleging negligence and seeking damages for the exposure of thousands of clients' data. It said it regretted the incident and is enhancing its security measures.

CIA Posture Motives Tactics, Techniques & Procedures
Available to members 0 motives 0 techniques
Threat Actors Type Location
0 actors Available to members Available to members

Description

In early May 2026 WilmerHale discovered a data breach involving client personal information after an unauthorized third party obtained a limited set of data from the firm. The firm determined that the hacker did not directly access WilmerHale’s systems or network and found no evidence that the compromised information had been misused or disclosed. Following the discovery, WilmerHale initiated an internal review and began notifying affected clients about the potential exposure of their private information. On July 10 2026 the firm sent notifications to clients stating that their personal information could have been obtained by hackers in the breach.

Cyber Incident Image

The notifications prompted a putative class action lawsuit filed on July 14 2026 in the United States District Court for the District of Columbia. The complaint, Perry v. Wilmer Cutler Pickering Hale & Dorr LLP, Case No. 1:26‑cv‑02470, alleges negligence and breach of contract on behalf of thousands of WilmerHale clients who may have had their personal information compromised. Lead plaintiff Jason Perry, a Las Vegas resident who identifies as a former WilmerHale client, contends that the firm intentionally, willfully, recklessly, and/or negligently failed to implement adequate safeguards to protect client data. The lawsuit seeks monetary damages for the alleged loss of personal information and cites similar data‑breach actions brought against other law firms within the preceding year, including Blank Rome, Wiley Rein, Fried Frank, and Pillsbury Winthrop.

In response to the litigation, WilmerHale issued a public statement expressing regret over the breach, characterizing the incident as isolated and quickly contained. The firm announced that it was enhancing its security measures to prevent future occurrences. A WilmerHale spokesperson reiterated that the unauthorized third party had obtained only a limited set of information, emphasized that there was no direct intrusion into the firm’s systems or network, and noted that there was no evidence the hacker had used or disclosed any client data. The firm’s legal representation in the matter is provided by Wise Law Firm and Cole & Van Note, who are acting as counsel for the lead plaintiff.

The case remains pending in the District of Columbia court, with the complaint having been filed on July 14 2026. No further details about settlement discussions, court rulings, or additional remedial actions have been disclosed in the available source material. The incident contributes to a broader awareness of cybersecurity risks faced by legal institutions that manage extensive volumes of sensitive client information.

Sources
Sources available to members
1 source