OHSL A.I CyberSecurity Scoring
OHSL
Company Information
Website: https://www.orrick.com
Number of employees: 3,100
Number of followers: 65,035
NAICS: 54111
Industry Type: Law Practice
Homepage: orrick.com
OHSL Risk Score (AI oriented)
Score: 529/1000, Critical (C)
Score band: Between 0 and 549
Company: OHSL (Law Practice)
Updated: 30/06/2026
OHSL Global Score (TPRM): Score locked
Current Score: 529 C (CRITICAL)
4 incidents
-62 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026: 530
JUNE 2026: 527
MAY 2026: 520
APRIL 2026: 519
MARCH 2026: 515
FEBRUARY 2026: 510
JANUARY 2026: 563
Breach
01 Jan 2026 • OHSL
Orrick, Herrington & Sutcliffe: Orrick Ex-Employee Drops Data Breach Suit Hours After Filing It
Orrick Ex-Employee Withdraws Data Breach Lawsuit
501
HIGH-62
ORR1777062892
Orrick Ex-Employee Withdraws Data Breach Lawsuit Shortly After Filing
A former employee of Orrick, Herrington & Sutcliffe voluntarily dismissed a data breach lawsuit against the law firm just hours after filing it in a California federal court. Joseph Casillas, the plaintiff, had sought damages for himself and other alleged victims of a January cyberattack, accusing Orrick of failing to safeguard his personal information.
Casillas’ legal team, including attorney Andrew Gunem, did not immediately respond to requests for comment following the dismissal. The withdrawal was filed without prejudice, meaning Casillas retains the option to refile the complaint in a different jurisdiction.
Orrick has not publicly commented on the case since the lawsuit was dropped. The incident highlights ongoing legal and security challenges for organizations following cyber incidents, particularly when employee data is compromised.
DECEMBER 2025: 560
NOVEMBER 2025: 559
OCTOBER 2025: 555
SEPTEMBER 2025: 550
AUGUST 2025: 546
MARCH 2023: 682
Breach
01 Mar 2023 • OHSL
Orrick, Herrington & Sutcliffe
Cybersecurity Threats and Data Breaches in Law Firms (2023-2025)
534
CRITICAL-148
ORR1642316100525
In March 2023, Orrick, Herrington & Sutcliffe suffered a major data breach where hackers infiltrated their systems, compromising the names, addresses, birth dates, and Social Security numbers of over 600,000 individuals. The breach led to a class-action lawsuit, forcing the firm to pay $8 million in settlements. The exposed data included highly sensitive personal and financial records, violating attorney-client confidentiality and exposing clients to identity theft, fraud, and reputational harm. The incident underscored vulnerabilities in the firm’s cybersecurity defenses, particularly around third-party access, weak authentication, and insufficient monitoring. The breach not only resulted in financial losses but also severely damaged the firm’s trustworthiness, prompting clients to question data protection measures. The attack was likely facilitated by exploited vulnerabilities or phishing, aligning with broader trends of cybercriminals targeting law firms for their troves of high-value legal and corporate data.
FEBRUARY 2023: 602
Breach
01 Feb 2023 • OHSL
Orrick, Herrington & Sutcliffe LLP
Data Breach at Orrick, Herrington & Sutcliffe LLP
681
HIGH-79
ORR223072725
The Maine Office of the Attorney General reported a data breach involving Orrick, Herrington & Sutcliffe LLP on August 18, 2023. The breach occurred on February 28, 2023, due to an external hacking incident, affecting a total of 461,100 individuals, including 221 Maine residents. Driver's License Numbers or Non-Driver Identification Card Numbers were compromised, and the affected organization is offering two years of identity monitoring services through Kroll.
JULY 2022: 762
Breach
22 Jul 2022 • OHSL
Orrick, Herrington & Sutcliffe, Proskauer Rose, Cravath Swaine & Moore, Mossack Fonseca and Weil Gotshal & Manges: Biggest Legal Industry Cyber Attacks
Law Firms Under Siege: A Rising Tide of Cyber Attacks Targets the Legal Industry
580
CRITICAL-182
ORRWEICRAMOSPRO1782779207
The legal sector is facing an escalating cybersecurity crisis, with law firms increasingly targeted by sophisticated threat actors. A recent survey by Arctic Wolf and Above the Law revealed that 39% of law firms experienced a security breach in the past year, with 56% of those incidents resulting in the loss of confidential client data, a devastating outcome for an industry built on trust and discretion.
### Why Law Firms Are Prime Targets
Several factors make law firms particularly vulnerable:
- Digital transformation: Firms rely heavily on cloud-based applications and web platforms, expanding their attack surface.
- Valuable data: They store vast amounts of sensitive client information, including financial records, PII, and privileged legal documents.
- Lack of preparedness: Only 26% of firms consider themselves "very prepared" to respond to cyber incidents.
- Resource constraints: Many lack dedicated cybersecurity personnel or struggle to meet evolving compliance standards.
- Sophisticated threats: The average ransom demand for legal organizations reached $1 million in 2023, with attackers exploiting weak incident response (IR) plans and third-party vulnerabilities.
### Notable Cyber Attacks on Law Firms
#### 1. Orrick, Herrington & Sutcliffe (2023)
- Attack type: Data exfiltration (details undisclosed)
- Impact: Compromised PII and health data of 637,000 breach victims, leading to multiple class-action lawsuits.
- Target: The firm specializes in data breach litigation, making its own client records a high-value target.
#### 2. Grubman Shire Meiselas & Sacks (2020)
- Attack type: Ransomware (REvil group)
- Demand: Initially $21 million, later doubled to $42 million after hackers leaked Lady Gaga’s legal documents.
- Outcome: The firm denied paying the ransom, though reports suggest a partial payment of $365,000 was made.
#### 3. Proskauer Rose (2023)
- Attack type: Data breach via unsecured Microsoft Azure cloud server
- Impact: 184,000+ files exposed for six months, including financial deals, NDAs, and acquisition documents.
- Response: The firm secured the server and launched an investigation with cybersecurity experts.
#### 4. HWL Ebsworth (2023)
- Attack type: Ransomware (ALPHV/Blackcat)
- Impact: 4TB of data (2.2 million files) stolen, including employee IDs, financial reports, and client documentation.
- Aftermath: Hackers leaked 1.45TB of data on the dark web; an Australian court issued an injunction to block access.
#### 5. DLA Piper (2017)
- Attack type: NotPetya ransomware (originating in Ukraine)
- Impact: Global disruption: employees lost access to email, phones, and documents. The firm spent 15,000 hours in overtime rebuilding its Windows environment.
- Attribution: Linked to Russian state-backed actors.
#### 6. Mossack Fonseca (2016)
- Attack type: Alleged hack (or insider leak)
- Impact: 11.5 million documents (Panama Papers) exposed, revealing tax evasion schemes and shell companies.
- Aftermath: Governments recovered $1.2 billion in unpaid taxes; the firm shut down in 2018 amid reputational damage.
#### 7. Cravath Swaine & Moore / Weil Gotshal & Manges (2016)
- Attack type: Insider trading via malware
- Perpetrators: Three Chinese nationals stole confidential M&A data, earning $4 million in illicit profits.
- Penalty: The SEC fined them $8.8 million.
### The Broader Impact
Cyber attacks on law firms extend beyond financial losses. Breaches erode client trust, disrupt operations (e.g., frozen billing systems), and trigger regulatory scrutiny. Many firms remain silent about incidents due to a lack of mandatory disclosure laws, leaving the full scope of the problem unknown.
As threat actors refine their tactics, from ransomware to phishing and insider threats, the legal industry must confront its cybersecurity gaps or risk becoming a persistent target.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES