U.S. Law Firm Fox Rothschild Hit with Class Action Lawsuit Over Data Breach
A proposed class action lawsuit was filed against U.S. law firm Fox Rothschild on June 9, alleging the firm failed to protect sensitive personal data, including names and Social Security numbers, in a May breach. The attack was attributed to the Silent Ransom Group, a cybercriminal collective that has targeted law firms since 2023, according to the FBI.
The lawsuit was initiated by Jasmine Trotter, a Georgia resident whose data was held by Fox Rothschild in connection with an unspecified legal matter. Trotter claims the firm did not notify affected individuals and neglected to implement adequate security measures. She estimates thousands of potential class members may have been impacted.
Fox Rothschild’s chief AI and information security officer, Mark McCreary, stated that the breach stemmed from a "sophisticated social engineering event" targeting a single attorney, compromising only one device. He asserted that the firm’s security protocols contained the incident’s scope and that notifications would be issued as required by law.
The Silent Ransom Group has previously claimed responsibility for breaches at other major law firms, including Jones Day, which represented former President Donald Trump in election-related cases. Law firms have increasingly faced litigation over cybersecurity failures, with some such as Gunster Yoakley & Stewart, Orrick Herrington & Sutcliffe, and Bryan Cave Leighton Paisner settling similar cases in recent years.
Jones Day cybersecurity rating report: https://www.rankiteo.com/company/jones-day
BCLP cybersecurity rating report: https://www.rankiteo.com/company/bryan-cave-leighton-paisner-llp
Fox Rothschild cybersecurity rating report: https://www.rankiteo.com/company/fox-rothschild
"id": "JONBRYFOX1781043906",
"linkid": "jones-day, bryan-cave-leighton-paisner-llp, fox-rothschild",
"type": "Breach",
"date": "5/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': 'Thousands (estimated)',
'industry': 'Legal Services',
'location': 'United States',
'name': 'Fox Rothschild',
'type': 'Law Firm'}],
'attack_vector': 'Social Engineering',
'customer_advisories': 'Notifications to be issued as required by law',
'data_breach': {'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Names',
'Social Security numbers']},
'date_detected': '2024-05',
'date_publicly_disclosed': '2024-06-09',
'description': 'A proposed class action lawsuit was filed against U.S. law '
'firm Fox Rothschild alleging failure to protect sensitive '
'personal data, including names and Social Security numbers, '
'in a May breach attributed to the Silent Ransom Group. The '
'lawsuit claims the firm did not notify affected individuals '
'and neglected to implement adequate security measures.',
'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
'lawsuit and breach',
'data_compromised': 'Sensitive personal data, including names and '
'Social Security numbers',
'identity_theft_risk': 'High (Social Security numbers exposed)',
'legal_liabilities': 'Class action lawsuit filed',
'systems_affected': 'One device'},
'initial_access_broker': {'entry_point': 'Single attorney via social '
'engineering'},
'investigation_status': 'Ongoing',
'motivation': 'Financial Gain',
'post_incident_analysis': {'root_causes': 'Sophisticated social engineering '
'event targeting a single attorney'},
'references': [{'date_accessed': '2024-06-09',
'source': 'Class Action Lawsuit Filing'}],
'regulatory_compliance': {'legal_actions': 'Class action lawsuit filed'},
'response': {'communication_strategy': 'Notifications to be issued as '
'required by law',
'containment_measures': 'Security protocols contained the '
'incident’s scope'},
'threat_actor': 'Silent Ransom Group',
'title': 'Fox Rothschild Data Breach and Class Action Lawsuit',
'type': 'Data Breach'}