▼
Allegations Only · No Settlement Yet
This article describes a class action complaint. The statements below are unproven
allegations. Wilmer Cutler Pickering Hale and Dorr LLP disputes the claims, has not been
found liable, there is no certified class, and there is nothing to claim at this time.
This page is general information, not legal advice.
WilmerHale — formally Wilmer Cutler Pickering Hale and Dorr LLP, the international law firm known for
high-profile government, regulatory, and corporate work — is facing a proposed class action over a
cyberattack that allegedly exposed personal information belonging to its clients. The case is
Perry v. Wilmer Cutler Pickering Hale and Dorr LLP, No. 1:26-cv-02470, filed July 14, 2026 in
the U.S. District Court for the District of Columbia.
The named plaintiff, a Nevada resident, sued on behalf of himself and others whose personal
information — including names and Social Security numbers — was allegedly accessed or acquired by an
unauthorized third party during the incident. The complaint alleges the firm failed to implement
reasonable cybersecurity safeguards to protect the sensitive information entrusted to it. None of the
claims has been proven, and no court has ruled on the merits.
Status
Complaint Filed · No Settlement
filed July 14, 2026 in the District of Columbia
Case
Perry v. Wilmer Cutler Pickering Hale and Dorr LLP
No. 1:26-cv-02470 (D.D.C.)
Can I Claim?
No — nothing to claim yet
no certified class, no settlement, no claim form
According to the firm's breach notifications and press reports, WilmerHale detected suspicious
activity on its network on May 8, 2026. An investigation determined that certain files containing
personal information had been accessed or acquired by an unauthorized third party. The firm began
mailing notification letters to affected individuals on July 10, 2026 — four days before the
complaint was filed.
The data types identified so far are names and Social Security numbers. The total number of people
affected has not been publicly confirmed: the complaint alleges thousands could be affected, but no
verified total has been filed with regulators or announced by the firm. No hacking group has been
publicly identified as responsible for the incident, and any attribution you may see reported remains
unconfirmed.
A WilmerHale spokesperson has said that an unauthorized third party that has been targeting firms
across the legal industry obtained a limited set of information, that the actor did not directly
access the firm's systems or network, that the incident was isolated and quickly contained, and that
the firm has no evidence the data has been misused or publicly disclosed. Those statements are the
firm's characterization of the incident; the litigation will test whether the firm's safeguards were
reasonable.
The complaint asserts that WilmerHale was negligent in securing the personal information in its
possession and seeks contract-based damages as well. It alleges the firm collected and stored
sensitive client data and therefore owed a duty to protect it with reasonable, industry-standard
security measures, and that the breach was a foreseeable consequence of failing to do so —
particularly given the wave of cyberattacks targeting large law firms in recent years.
The plaintiff seeks class certification, monetary damages, attorneys' fees, and injunctive relief
that would require court-ordered improvements to the firm's cybersecurity practices. Because the case
was just filed, WilmerHale has not yet responded in court, and no schedule has been set.
The lawsuit is brought on behalf of people whose personal information was compromised in the
incident — described in coverage of the complaint as the firm's clients. The exact class definition
will be tested as the case proceeds, and anyone who received a notification letter from WilmerHale
dated on or after July 10, 2026 is likely within the group the complaint describes. If you received
a notice, keep it: if the case ever settles, documentation of class membership is typically required
or helpful.
Law firms are attractive targets for attackers because they hold concentrated volumes of sensitive
client information. WilmerHale is not the first major firm to face breach litigation — we cover a
similar case against another large law firm in our
Pillsbury Winthrop data breach class action
article, and an open settlement over a law-firm breach in our
Thompson Coburn data breach settlement
coverage.
There is nothing to file at this stage — no settlement and no claim form exist. If you received a
breach notice from WilmerHale, standard post-breach precautions apply: enroll in any credit
monitoring the firm offers, consider placing a free fraud alert or security freeze on your credit
files with the three credit bureaus, and monitor financial accounts for unfamiliar activity. Because
Social Security numbers are alleged to be involved, a credit freeze is the strongest available
protection against new-account identity theft.
You can follow other active breach cases on our
data breach settlements and investigations tracker.
OpenClassActions.com is a consumer news site, not a law firm, and does not provide legal advice or
process claims.
What is the WilmerHale data breach lawsuit about?
A proposed class action, Perry v. Wilmer Cutler Pickering Hale and Dorr LLP, filed July 14, 2026 in the U.S. District Court for the District of Columbia, alleges the law firm known as WilmerHale failed to adequately protect personal information — including names and Social Security numbers — that an unauthorized third party accessed or acquired in a cyberattack the firm became aware of on May 8, 2026. These are unproven allegations; WilmerHale disputes the claims and has not been found liable.
What happened in the WilmerHale data breach?
According to the firm's breach notices and press reports, WilmerHale detected suspicious network activity on May 8, 2026, and an investigation found that certain files containing personal information were accessed or acquired by an unauthorized third party. The firm began mailing notification letters to affected individuals on July 10, 2026. WilmerHale has said the incident was isolated and quickly contained, that the actor did not directly access the firm's systems or network, and that it has no evidence the data has been misused.
How many people were affected by the WilmerHale breach?
The total number of affected individuals has not been publicly confirmed. The complaint alleges thousands of people could be affected, but no verified total has been filed or announced. Any specific number you see reported should be treated as unconfirmed until WilmerHale or a regulator publishes one.
Is there a WilmerHale settlement or claim form yet?
No. The case is at the complaint stage. There is no certified class, no settlement, and no claim form. Nothing can be claimed at this time. If the case later settles, a court-approved notice and official settlement website would explain who qualifies and how to file.
What should I do if I received a WilmerHale breach notice?
Keep the notice letter — if a settlement is ever reached, it may be needed to document class membership. Consider standard post-breach precautions: enroll in any credit monitoring the firm offers, place a free fraud alert or credit freeze with the credit bureaus, and watch financial statements for unfamiliar activity. Because Social Security numbers are alleged to be involved, a credit freeze is the strongest protection.
• Perry v. Wilmer Cutler Pickering Hale and Dorr LLP, No. 1:26-cv-02470 (D.D.C.) — Class Action Complaint, filed July 14, 2026
• Bloomberg Law, "WilmerHale Sued Over Client Personal Information Data Breach" —
Bloomberg Law
• Law360, "WilmerHale Hit With Class Action Over Cyberattack" —
Law360
• JDJournal, "WilmerHale Hit With Data Breach Lawsuit" —
JDJournal
Free settlement alerts
Get notified when new class actions open to claims
Join thousands of readers who get the latest class action settlements you may qualify for — delivered straight to your inbox.
For more class actions keep scrolling below.
Status
Complaint filed — no settlement, no certified class
Case Title
Perry v. Wilmer Cutler Pickering Hale and Dorr LLP
Case Number
1:26-cv-02470
Court
U.S. District Court, District of Columbia
Date Filed
July 14, 2026
Claims
Negligence · contract-based damages
Data Types
Names · Social Security numbers