The Zalkin Law Firm (“Zalkin”), a San Diego firm advocating for sexual abuse survivors nationwide, was sued in September after BlackCat gained access to the firm’s system and exfiltrated 523 clients’ personal information, including sexual abuse details. On their dark web leak site, the threat actors claimed to have exfiltrated 415.63 GB of sexual harassment lawsuit data, with all records, notes, evidence depositions, and personal information. When the law firm did not pay their demands, the threat actors reached out directly to clients. Ariana Deats, the named plaintiff, received an email from BlackCat informing her of the breach and that her records were in their possession.
According to the complaint, Zalkin reportedly became aware of the breach on April 6, but letters were not sent to those affected until September. Because BlackCat’s site was seized in December by law enforcement, DataBreaches was unable to check to confirm whether BlackCat had ever leaked all of the data they had claimed to have stolen.
The case is Deats v. The Zalkin Law Firm.
This week, Cole and Van Note, the law firm representing Deats and other plaintiffs, announced a proposed settlement that would give the class almost $300,000 to be distributed among those class members who make claims. Should no other class members come forward, Ms. Deats would be the sole beneficiary of the settlement funds. There is also an award to attorneys of almost $100,000.
I am a client who was not in the class action lawsuit. Since April of 2023 I had 4 credit cards and I debit card compromised. Numerous attempts of loan attempts on my credit. I locked my Credit Bureaus which has helped tremendously. But a couple of my credit monitors have told me that my SSN and other personal information is on the dark web. So now I have to be very careful with my financial affairs.