Pillsbury Law Firm Data Breach Class Action Lawsuits
Data Breach · Lawsuit Filed

Pillsbury Law Firm Faces Data Breach Class Actions After a 2025 Cyberattack Exposed Personal Data

Published July 9, 2026

People trust law firms with their most sensitive information — which is exactly why a breach at a firm like Pillsbury, with Social Security and financial data reportedly exposed, has turned into class action litigation.

Law books representing the Pillsbury Winthrop data breach class action litigation
Pillsbury Winthrop Shaw Pittman LLP faces consolidating class actions over a 2025 cyberattack that exposed personal data.
Allegations Only · No Settlement Yet

This article describes class action complaints. The statements below are unproven allegations. Pillsbury has not been found liable, there is no certified class, and nothing to claim at this time. This page is informational and is not legal advice.

What Is This About?

Pillsbury Winthrop Shaw Pittman LLP, one of the country's large national law firms, is facing a set of proposed class actions over a 2025 data breach. The cases are in the U.S. District Court for the Southern District of New York and are being consolidated as In re Pillsbury Data Breach Litigation, No. 1:25-cv-09613, before Judge Katherine Polk Failla. The lead case, Archer v. Pillsbury Winthrop Shaw Pittman LLP, was filed November 18, 2025, and a related case, Reyes v. Pillsbury Winthrop Shaw Pittman LLP, No. 1:25-cv-09647, followed the next day.

The suits allege that Pillsbury failed to protect the personal information in its systems and was too slow to tell people once it knew. Because law firms hold some of the most sensitive information their clients and employees have — the kind gathered for deals, disputes, estate planning, and hiring — a breach at a firm carries a distinct sting. The litigation is at its earliest stage: the allegations are unproven, no class has been certified, and there is no settlement and nothing to claim.

Status Complaints Filed & Consolidating In re Pillsbury Data Breach Litigation · S.D.N.Y. · Archer filed Nov. 18, 2025
Confirmed Affected At least 39,573 Texas residents notified Notices also went to NH, ME, MA & CA · a nationwide total is not yet publicly confirmed
Reportedly Exposed Names, addresses, DOB, Social Security numbers, financial account info Per the complaints and state notification filings
Can I Claim? No — nothing to claim yet No settlement, no fund, no claim form

What Happened

According to the complaints, the intrusion occurred in April 2025 and started not with a technical exploit but with a person. Plaintiffs allege an unauthorized actor used a social-engineering scam — persuading a single user to grant access long enough to download firm documents. Pillsbury has said it blocked the activity once it was detected and implemented additional security measures. The firm began notifying affected individuals in November 2025; a state notification letter is dated November 6, 2025 — roughly seven months after the incident, a gap the plaintiffs allege was an unreasonable delay.

The clearest public figure comes from Texas, where state filings show at least 39,573 residents were notified. Notifications also went to residents of New Hampshire, Maine, Massachusetts, and California, so the true nationwide total is larger — but a single confirmed figure has not been published, and this page will not guess at one. Everything about how the breach happened remains an allegation until the litigation or the firm's own disclosures establish it.

What Was Exposed

Across the complaints and state notification filings, the exposed information reportedly includes names, addresses, dates of birth, Social Security numbers, and financial account information. That is the high-risk combination — identity plus financial data — that can enable both identity theft and account fraud, which is why data-breach cases involving SSNs draw the most concern and the most litigation.

What the Lawsuits Allege

The complaints plead negligence and related claims: that Pillsbury failed to implement adequate, industry-standard data security, and that it delayed notifying affected people, increasing their exposure to identity theft and financial fraud. Plaintiffs seek damages, credit-monitoring and identity-protection relief, and injunctive measures requiring stronger security. Both the lead Archer case and the related Reyes case seek to represent a nationwide class, with reported damages exceeding $5 million. These are allegations; Pillsbury has not yet answered on the merits, and nothing has been decided.

Is There a Settlement?

No. Consolidating the related complaints is an early procedural step, not a resolution. There is no settlement fund, no claim form, no deadline, and no certified class. If the case later settles, a court-appointed administrator would issue notice and open a claims process — we will update this page and our data breach settlements hub if that happens. Treat any site claiming you can "file a Pillsbury claim" today with suspicion.

What Should Affected People Do Now?

If you received a notice from Pillsbury, take advantage of any credit-monitoring it offers and keep the letter — it is typically how you would file if a settlement is reached later. Because Social Security numbers and financial data were reportedly involved, a credit freeze with the three major bureaus is the strongest protection and is free. Watch for phishing and unfamiliar account activity, and review your credit reports. For how these cases tend to move, see our data breach coverage and the related Brightspeed data breach lawsuit.

This page is informational and is not legal advice.

Frequently Asked Questions

Has a class action been filed over the Pillsbury data breach?

Yes — proposed class actions in the Southern District of New York, consolidating as In re Pillsbury Data Breach Litigation, No. 1:25-cv-09613 (lead case Archer v. Pillsbury, filed Nov. 18, 2025; related case Reyes, No. 1:25-cv-09647). All claims are unproven; no class is certified.

What happened?

The complaints allege an unauthorized actor accessed Pillsbury's systems in April 2025 via a social-engineering scam and downloaded documents; Pillsbury says it blocked the activity once detected. Notices went out beginning November 2025, which plaintiffs allege was an unreasonable delay.

How many people were affected?

At least 39,573 Texas residents were notified, with additional notices in New Hampshire, Maine, Massachusetts, and California. A confirmed nationwide total has not been published.

Were Social Security numbers exposed?

Yes — the reportedly exposed data includes Social Security numbers and financial account information, along with names, addresses, and dates of birth. Consider a credit freeze.

Is there a settlement or claim form?

No. There is no settlement, fund, claim form, or deadline. Nothing to claim at this stage.

Sources

CourtListener — In re Pillsbury Data Breach Litigation / Archer v. Pillsbury, 1:25-cv-09613 (S.D.N.Y.)
CourtListener — Reyes v. Pillsbury Winthrop Shaw Pittman LLP, 1:25-cv-09647 (S.D.N.Y.)
New Hampshire Attorney General — Pillsbury Breach Notification Letter (Nov. 6, 2025)
Bloomberg Law — Pillsbury Winthrop Sued Over Data Breach


For more class actions keep scrolling below.
Status Complaints filed & consolidating — no class certified, no settlement
Consolidated Caption In re Pillsbury Data Breach Litigation
Case Number 1:25-cv-09613 (lead: Archer; related: Reyes, 1:25-cv-09647)
Court U.S. District Court, Southern District of New York (Judge Katherine Polk Failla)
Date Filed November 18, 2025 (Archer)
Defendant Pillsbury Winthrop Shaw Pittman LLP

More Data Breach Cases