The Sheffield Press

US News

WilmerHale faces class action after data breach exposes client data

By Mike Shaw ·
WilmerHale faces class action after data breach exposes client data

WilmerHale was sued in federal court in Washington, D.C., on July 14, 2026, after a data breach allegedly exposed confidential client information and put one of the country’s most prominent law firms under the same kind of scrutiny now facing banks and hospitals. The class action, filed in the U.S. District Court for the District of Columbia as Perry v. Wilmer Cutler Pickering Hale & Dorr LLP, No. 1:26-cv-02470, seeks negligence and breach-of-contract damages on behalf of thousands of clients.

The complaint says the alleged compromise involved names and Social Security numbers, information that can fuel identity theft and long-running privacy harm when it leaves a firm’s control. One account says WilmerHale began notifying affected individuals on July 10, 2026, while another says the data may have been accessed as early as November 11, 2025, raising questions about how long sensitive material may have remained exposed before notice went out.

AI-generated illustration
AI-generated illustration

For a law firm, the stakes run beyond ordinary data-loss claims. WilmerHale handles merger documents, personnel records, investigations, and strategy materials for clients who choose the firm precisely because of its confidentiality obligations. The lawsuit puts that promise at the center of a public dispute and tests whether a major legal institution can be treated like any other custodian of private data when the breach involves information that may be protected by privilege as well as contract.

The case also fits a wider wave of breach litigation, where plaintiffs increasingly use class actions to seek compensation and force organizations to explain what went wrong. In Vermont, a summary of a breach filing said 11 residents were affected, and the state requires companies to report breaches involving residents’ private data to the Vermont Attorney General’s Office. That kind of reporting has become part of the same accountability chain that now follows healthcare systems and financial firms after cyber incidents.

Related stock photo
Photo by Ann H

WilmerHale’s own website says the firm is recognized for cybersecurity and privacy work and has advised clients on breach investigations, incident response, regulatory requirements, and law-enforcement interactions. That background adds to the reputational pressure now attached to the lawsuit, which frames the firm not just as a victim of cybercrime but as a steward that plaintiffs say failed to protect the data it was entrusted to keep safe.

US newsWilmerHale