Smith Gambrell faces 2 suits over late disclosure of hack said to have exposed client information

  • Print.

cyber breach

Image from Shutterstock.

Two proposed class actions filed against Smith, Gambrell & Russell last week allege that the law firm failed to safeguard clients' private information and waited too long to disclose a hack of its cloud-based database.

More than 19,000 people were affected, according to the first lawsuit, filed March 6 in federal court in the Northern District of Georgia. The hack puts affected people at risk for identity and fraud, according to the second suit, filed March 9 in the Central District of California.

Law360 reported on the suits here and here.

The “significant cybersecurity breach” happened in July 2021, according to the second suit. The firm discovered the breach the next month, but those affected weren’t notified until January 2023, the second suit says. The first suit, however, says the firm began notifying people of the breach a year later—in August 2022.

The hack exposed personal information, such as names, Social Security numbers, health information and driver’s license numbers, the lawsuits say. People affected include Smith Gambrell’s clients, customers and employees.

The first suit, Livingston v. Smith, Gambrell & Russell, alleges negligence, breach of implied contract and breach of the implied covenant of good faith and fair dealing. The second suit, Owens v. Smith, Gambrell & Russell, alleges negligence, invasion of privacy and violation of California law.

A Smith Gambrell spokesperson did not immediately reply to an ABA Journal email and voicemail requesting comment.

Give us feedback, share a story tip or update, or report an error.