Client Sues Law Firm for Failing to Disclose Data Breach

On March 27, Hiscox Insurance Company Inc. filed a complaint against law firm Warden Grier for concealing a 2016 data breach. The complaint alleges that Warden Grier chose not to disclose the data breach to Hiscox, thereby breaching a contract between the two parties. This case is being held in the Missouri Western District Court before Judge Nanette K. Laughrey.

The complaint states that Warden Grier was the target of a December 2016 data breach, caused by an international hacker organization known as “The Dark Overlord.” The hackers allegedly gained unauthorized access to the firm’s servers, which contained sensitive and personal information belonging to Hiscox and its insureds. Warden Grier allegedly paid a ransom to the hackers so they would not disseminate the information.

Warden Grier contacted the FBI and outside attorneys to investigate, but they did not inform Hiscox of the matter. The insurance company allegedly had no knowledge of the breach or the subsequent ransom until March 28, 2018, when one of its employees “learned by happenstance, through social media,” that some of the personal information “had been leaked on the ‘dark web.’”

Hiscox is an Illinois-based insurance provider that insures risks throughout the United States. According to the complaint, “As early as 2002, Hiscox entered into a working relationship with Warden Grier to render professional services on behalf of Hiscox, and on behalf of Hiscox’s insureds.” This relationship was governed by two Terms of Engagement contracts that stated Warden Grier’s obligation “to take adequate measures to protect sensitive [personal information]” belonging to Hiscox, and to “notify Hiscox of any failure to maintain the confidentiality of [personal information] belonging to Hiscox and its insureds.”

As a result of the alleged negligence and breach of contract, Hiscox seeks over $1,500,000 in damages.