WilmerHale Data Breach Class Action Lawsuit (2026)
Data Breach · Lawsuit Filed

WilmerHale Data Breach Class Action: Clients Sue After Cyberattack Exposed Names and Social Security Numbers

Published July 17, 2026

WilmerHale, one of the country's most prominent law firms, is facing a proposed class action after a May 2026 cyberattack that allegedly exposed clients' names and Social Security numbers. The case was just filed — there is no settlement and nothing to claim yet, but people who received a breach notice should keep it.

WilmerHale data breach class action lawsuit over 2026 law firm cyberattack exposing client names and Social Security numbers
Allegations Only · No Settlement Yet

This article describes a class action complaint. The statements below are unproven allegations. Wilmer Cutler Pickering Hale and Dorr LLP disputes the claims, has not been found liable, there is no certified class, and there is nothing to claim at this time. This page is general information, not legal advice.

What Is the WilmerHale Data Breach Lawsuit About?

WilmerHale — formally Wilmer Cutler Pickering Hale and Dorr LLP, the international law firm known for high-profile government, regulatory, and corporate work — is facing a proposed class action over a cyberattack that allegedly exposed personal information belonging to its clients. The case is Perry v. Wilmer Cutler Pickering Hale and Dorr LLP, No. 1:26-cv-02470, filed July 14, 2026 in the U.S. District Court for the District of Columbia.

The named plaintiff, a Nevada resident, sued on behalf of himself and others whose personal information — including names and Social Security numbers — was allegedly accessed or acquired by an unauthorized third party during the incident. The complaint alleges the firm failed to implement reasonable cybersecurity safeguards to protect the sensitive information entrusted to it. None of the claims has been proven, and no court has ruled on the merits.

Status Complaint Filed · No Settlement filed July 14, 2026 in the District of Columbia
Case Perry v. Wilmer Cutler Pickering Hale and Dorr LLP No. 1:26-cv-02470 (D.D.C.)
Can I Claim? No — nothing to claim yet no certified class, no settlement, no claim form

What Happened in the WilmerHale Cyberattack?

According to the firm's breach notifications and press reports, WilmerHale detected suspicious activity on its network on May 8, 2026. An investigation determined that certain files containing personal information had been accessed or acquired by an unauthorized third party. The firm began mailing notification letters to affected individuals on July 10, 2026 — four days before the complaint was filed.

The data types identified so far are names and Social Security numbers. The total number of people affected has not been publicly confirmed: the complaint alleges thousands could be affected, but no verified total has been filed with regulators or announced by the firm. No hacking group has been publicly identified as responsible for the incident, and any attribution you may see reported remains unconfirmed.

A WilmerHale spokesperson has said that an unauthorized third party that has been targeting firms across the legal industry obtained a limited set of information, that the actor did not directly access the firm's systems or network, that the incident was isolated and quickly contained, and that the firm has no evidence the data has been misused or publicly disclosed. Those statements are the firm's characterization of the incident; the litigation will test whether the firm's safeguards were reasonable.

What Does the Complaint Allege?

The complaint asserts that WilmerHale was negligent in securing the personal information in its possession and seeks contract-based damages as well. It alleges the firm collected and stored sensitive client data and therefore owed a duty to protect it with reasonable, industry-standard security measures, and that the breach was a foreseeable consequence of failing to do so — particularly given the wave of cyberattacks targeting large law firms in recent years.

The plaintiff seeks class certification, monetary damages, attorneys' fees, and injunctive relief that would require court-ordered improvements to the firm's cybersecurity practices. Because the case was just filed, WilmerHale has not yet responded in court, and no schedule has been set.

Who Could Be Affected?

The lawsuit is brought on behalf of people whose personal information was compromised in the incident — described in coverage of the complaint as the firm's clients. The exact class definition will be tested as the case proceeds, and anyone who received a notification letter from WilmerHale dated on or after July 10, 2026 is likely within the group the complaint describes. If you received a notice, keep it: if the case ever settles, documentation of class membership is typically required or helpful.

Law firms are attractive targets for attackers because they hold concentrated volumes of sensitive client information. WilmerHale is not the first major firm to face breach litigation — we cover a similar case against another large law firm in our Pillsbury Winthrop data breach class action article, and an open settlement over a law-firm breach in our Thompson Coburn data breach settlement coverage.

What Should You Do Now?

There is nothing to file at this stage — no settlement and no claim form exist. If you received a breach notice from WilmerHale, standard post-breach precautions apply: enroll in any credit monitoring the firm offers, consider placing a free fraud alert or security freeze on your credit files with the three credit bureaus, and monitor financial accounts for unfamiliar activity. Because Social Security numbers are alleged to be involved, a credit freeze is the strongest available protection against new-account identity theft.

You can follow other active breach cases on our data breach settlements and investigations tracker. OpenClassActions.com is a consumer news site, not a law firm, and does not provide legal advice or process claims.

Frequently Asked Questions

What is the WilmerHale data breach lawsuit about?

A proposed class action, Perry v. Wilmer Cutler Pickering Hale and Dorr LLP, filed July 14, 2026 in the U.S. District Court for the District of Columbia, alleges the law firm known as WilmerHale failed to adequately protect personal information — including names and Social Security numbers — that an unauthorized third party accessed or acquired in a cyberattack the firm became aware of on May 8, 2026. These are unproven allegations; WilmerHale disputes the claims and has not been found liable.

What happened in the WilmerHale data breach?

According to the firm's breach notices and press reports, WilmerHale detected suspicious network activity on May 8, 2026, and an investigation found that certain files containing personal information were accessed or acquired by an unauthorized third party. The firm began mailing notification letters to affected individuals on July 10, 2026. WilmerHale has said the incident was isolated and quickly contained, that the actor did not directly access the firm's systems or network, and that it has no evidence the data has been misused.

How many people were affected by the WilmerHale breach?

The total number of affected individuals has not been publicly confirmed. The complaint alleges thousands of people could be affected, but no verified total has been filed or announced. Any specific number you see reported should be treated as unconfirmed until WilmerHale or a regulator publishes one.

Is there a WilmerHale settlement or claim form yet?

No. The case is at the complaint stage. There is no certified class, no settlement, and no claim form. Nothing can be claimed at this time. If the case later settles, a court-approved notice and official settlement website would explain who qualifies and how to file.

What should I do if I received a WilmerHale breach notice?

Keep the notice letter — if a settlement is ever reached, it may be needed to document class membership. Consider standard post-breach precautions: enroll in any credit monitoring the firm offers, place a free fraud alert or credit freeze with the credit bureaus, and watch financial statements for unfamiliar activity. Because Social Security numbers are alleged to be involved, a credit freeze is the strongest protection.

Sources

Perry v. Wilmer Cutler Pickering Hale and Dorr LLP, No. 1:26-cv-02470 (D.D.C.) — Class Action Complaint, filed July 14, 2026
• Bloomberg Law, "WilmerHale Sued Over Client Personal Information Data Breach" — Bloomberg Law
• Law360, "WilmerHale Hit With Class Action Over Cyberattack" — Law360
• JDJournal, "WilmerHale Hit With Data Breach Lawsuit" — JDJournal



For more class actions keep scrolling below.
Status Complaint filed — no settlement, no certified class
Case Title Perry v. Wilmer Cutler Pickering Hale and Dorr LLP
Case Number 1:26-cv-02470
Court U.S. District Court, District of Columbia
Date Filed July 14, 2026
Claims Negligence · contract-based damages
Data Types Names · Social Security numbers

Related Data Breach Lawsuits & Settlements