Unsealed suit targets law firm for alleged lax cybersecurity

  • Print.


A class-action complaint unsealed on Friday claims a Chicago law firm put client information at risk because of lax cybersecurity.

The suit claims Johnson & Bell had security holes in its email, time-entry software and virtual private network, the Am Law Daily (sub. req.) reports. The suit does not allege that any data was ever stolen.

The lawyer representing the plaintiff, Jay Edelson, told the publication he sought to unseal the case because the security problems have been fixed. The case, which is being moved to arbitration, is the first class action against a law firm for alleged inadequate cybersecurity that has been made public, Edelson told the Am Law Daily.

The law firm told the publication in a statement that the lawsuit is “specious” and it would pursue action against the plaintiff when the litigation is over. Johnson & Bell has more than 100 lawyers.

Edelson filed the complaint on behalf of Coinabul, a company once represented by Johnson & Bell in a suit claiming it had defrauded customers who sought to trade gold for bitcoin. Edelson had represented the plaintiff suing Coinabul.

Edelson has previously said he planned to sue law firms lacking cybersecurity measures, telling Bloomberg Big Law Business in March that he had identified 15 firms with security issues. The Am Law Daily asked Edelson if he had filed other suits.

“This is the first that has become public,” Edelson replied. “We’re not talking about [cases] that are not in the public record.”

Give us feedback, share a story tip or update, or report an error.