<html xmlns="http://www.w3.org/1999/xhtml"><head><title>UPDATE 1-Another US law firm reaches data breach settlement as cyber risks mount</title></head><body>

Updated to include approval of Orrick settlement in paragraph 6.

By Sara Merken

Nov 8 (Reuters) -Florida business law firm Gunster has agreed to pay $8.5 million to resolve a proposed class action over a 2022 data breach that allegedly exposed the personal and health information of thousands of people.

Lawyers for the plaintiffs submitted the proposed settlement in Florida federal court on Thursday. It would resolve one of two cases filed this year against West Palm Beach-founded Gunster over a data security incident that allegedly compromised the personal data of nearly 10,000 people, including former and current clients and employees.

The agreement is subject to approval by U.S. District Judge Aileen Cannon. Gunster has denied the allegations and did not admit wrongdoing.

A Gunster representative on Friday said the firm will not comment on pending litigation. The firm's outside lawyers and a lawyer for the plaintiffs did not immediately respond to requests for comment.

The legal industry has been the target of growing cybersecurity attacks, including against law firms that often possess valuable confidential client information.

Orrick, Herrington & Sutcliffe in April reached an $8 million deal to settle a lawsuit over abreach that allegedly compromised personal data held by the firm on more than 600,000 people. A federal judge approved that settlement on Friday, according to an attorney for the plaintiffs.

Bryan Cave Leighton Paisner and snack food giant Mondelez reached a tentative $750,000 settlement in another data breach case last month.

The U.S. federal judiciary on Wednesday issued warnings about emails mimicking notifications of electronic court filings that seek to lure attorney recipients to a malicious website with computer viruses.

Plaintiff Mary Jane Whalen, a New York resident and former Gunster client, and plaintiff Christine Rona, a New York resident who was employed by Gunster to give healthcare services to the firm's high net worth clients, alleged in a complaint that Gunster failed to take adequate measures to protect personal information, among other claims.

Personal and sensitive information such as names, dates of birth, Social Security and banking information was "exfiltrated by cybercriminals" from the firm, the complaint said. Gunster in April issued data breach notifications that said there was unauthorized access to its document management file system.

The complaint alleged Gunster was likely a target because it is a large law firm that collects personal information and creates and maintains entities for wealthy clients.

Judge Cannon on Tuesday paused the other case against Gunster pending approval of the settlement.

The case is Whalen et al v. Gunster, Yoakley & Steward, U.S. District Court for the Southern District of Florida, No. 9:24-CV-80612.

For the plaintiffs: John Yanchunis of Morgan & Morgan and Brian Murray of Glancy Prongay & Murray

For Gunster: Kristine Brown of Alston & Bird and Jacqueline Arango of Akerman

Reporting by Sara Merken

</body></html>