The incident began on May 21, 2026, when an attorney at Blank Rome was misled by a caller impersonating the firm’s IT staff. Under the guise of technical support, the attacker convinced the staff member to upload confidential client files to an external Google Drive account. The exposed data includes Social Security numbers, driver’s license details, financial account information, and private medical records of current, former, and prospective clients.
Blank Rome delayed alerting the affected parties until late June 2026, a timeframe that legal experts argue may fall short of mandatory federal and state notification requirements. Schubert Jonckheer & Kolbe LLP is currently reviewing the firm’s security practices to determine if the breach constitutes a violation of privacy laws. Impacted individuals may be eligible for damages and court-ordered mandates requiring the firm to overhaul its data protection infrastructure.

Comments (0)
No comments yet. Be the first!