How law firms can reduce liability when sensitive client data Is breached

The report examines a law-firm data breach (Pillsbury) allegedly occurring in April 2025 that exposed sensitive client PII and prompted a class-action complaint focused on delayed notification and purportedly inadequate controls; it explains how courts evaluate reasonableness, documentation, and proportionality of security measures and provides practical security and ThreatLocker hardening checklists covering access control, encryption, vulnerability management, and incident response.