Orrick Ex-Employee Withdraws Data Breach Suit Hours After Filing

TL;DR Joseph Casillas dropped his lawsuit against Orrick Herrington & Sutcliffe hours after filing, preserving his right to refile elsewhere. The move follows his claim that a January cyber attack exposed his personal data.

Context Orrick Herrington & Sutcliffe disclosed a January intrusion that accessed employee records, prompting former staffer Joseph Casillas to sue for damages. The firm said the breach was discovered after unusual activity was flagged on internal networks, leading to a forensic review that confirmed unauthorized access to personal information. No public detail has been released on the exact number of records affected or the financial impact.

Key Facts Casillas had previously sought damages for himself and other alleged victims of the January cyber attack that compromised personal information. He withdrew the complaint without prejudice, which preserves his ability to refile the case in another jurisdiction. His lawyer, Andrew Gunem, did not respond to requests for comment after the dismissal and had previously declined to comment when the suit was filed.

What It Means The withdrawal suggests procedural or strategic considerations rather than a lack of merit in the underlying claims. For Orrick, the case remains a potential liability if Casillas refiles elsewhere, keeping pressure on the firm to demonstrate robust data‑protection practices. For employees, the episode highlights how litigation can follow breach disclosures, even when settlements are not reached.

What Defenders Should Do - Review incident‑response timelines to ensure detection occurs within hours, not days, of anomalous activity. - Enforce multi‑factor authentication on all privileged accounts to reduce credential‑theft risk. - Maintain an up‑to‑date inventory of personal data stores and apply encryption at rest and in transit. - Test backup restoration quarterly to confirm availability if ransomware or data‑wiping malware is encountered. - Monitor dark‑web markets for employee identifiers that may appear after a breach.

To watch next: whether Casillas refiles the lawsuit in another venue and if regulators issue any guidance or penalties related to Orrick’s handling of the January incident.