Industry - Data Breach
Executive Summary
The Silent Ransom Group breached law firm Orrick, Herrington & Sutcliffe in January 2026, accessing its network for approximately one week without deploying malware, likely through phishing or social engineering. After Orrick offered $1 million to resolve the incident - significantly less than the ransom demand - the threat actors leaked the firm's data, marking the first top-100 law firm to offer what the group considered an insufficient payment. This is Orrick's second major data breach in ...
What Happened
In January 2026, the Silent Ransom Group gained unauthorized access to the network of Orrick, Herrington & Sutcliffe LLP, a major international law firm with over $1.5 billion in annual revenue, maintaining access for approximately one week without deploying malware. The threat actors likely used phishing or social engineering tactics to breach the firm's systems. After Orrick offered $1 million to resolve the incident - substantially less than the ransom demand - the Silent Ransom Group rejected the payment and leaked the firm's data in early 2026, marking this as the first top-100 law firm to offer what the group considered insufficient payment.
Who Is Affected
Clients of Orrick, Herrington & Sutcliffe are directly affected, as their confidential legal information and communications stored on the firm's network were accessed and subsequently leaked. This is the firm's second major breach in three years, following a 2023 incident that compromised data belonging to 461,000 individuals. The breach impacts individuals and organizations across the United States, Europe, and Asia where Orrick maintains over 25 offices.
Why It Matters
This incident demonstrates that even organizations with recent breach experience and substantial resources remain vulnerable to social engineering attacks, and that paying reduced ransoms may not prevent data publication. The breach of a major law firm is particularly significant because legal communications are protected by attorney-client privilege and often contain highly sensitive strategic, financial, and personal information. The incident also illustrates an emerging pattern where sophisticated threat actors are systematically targeting large law firms, creating cascading privacy risks for their diverse client bases.
What You Should Do
If you are or were a client of Orrick, contact the firm directly to determine whether your specific data was accessed and what protective measures they are offering. Monitor your financial accounts and credit reports for suspicious activity, and consider placing fraud alerts or credit freezes with major credit bureaus. Be extremely cautious of any unexpected communications claiming to be from Orrick or related to your legal matters, as threat actors may use stolen information for targeted phishing attacks. Review and strengthen your own organization's security practices, particularly around email phishing and social engineering, as these tactics successfully breached a sophisticated legal organization.
AI-Assisted
Event summaries are generated by Claude AI from verified sources and reviewed by humans before publication.
Sources
- Silent Ransom Group leaked another big law firm: Orrick, Herrington & Sutcliffe
- Absolute Dental Group Reaches Settlement Over 2025 Data Breach - National Today
- Hims Breach Exposes the Most Sensitive Kinds of PHI
- Mercor.io Corporation Under Investigation for Data Breach of Records - Schubert Jonckheer & Kolbe
- DocketWise Under Investigation for Data Breach of Over 116,000 Records - Schubert Jonckheer & Kolbe
- Korea Launches First Census of Government AI Training Data Holdings - Seoul Economic Daily