LOS ANGELES, Feb. 16, 2026 /PRNewswire/ -- Data-security incidents have become a standard operational risk for businesses nationwide, driven by the scale, complexity, and interdependence of modern IT environments. As these incidents increase, a parallel trend has emerged: lawsuits are increasingly triggered by the sheer act of legally required disclosure of a data breach itself, directed at the companies whose systems have been infiltrated, rather than at the criminal actors responsible for the harm.
Wisner Baum, a nationally recognized plaintiffs' law firm, recently experienced a data-security incident involving unauthorized access to a limited number of computer systems. Upon discovery, the firm immediately secured its systems, launched an investigation, and engaged independent cybersecurity professionals to assess the scope and impact of the incident.
The investigation pinpointed the source, site, and extent of the exposure, and on January 21st, 2026, Wisner Baum mailed notice letters to clients and other individuals whose information may have been involved, consistent with standard notification practices. The firm's next steps were to consult with cybersecurity experts and put additional safeguards in place, including enhanced monitoring and strengthened system protections. Wisner Baum has also taken all possible steps to help ensure that any exposed, or potentially exposed, client information was deleted.
Layers of Exposure
The incident reflects a broader structural issue: organizations are relying on security infrastructure that, despite being marketed as state-of-the-art, can still leave them open to attack due to exploitable vulnerabilities. According to governmental and industry data, thousands of organizations report similar data-security incidents each year, often tied to vulnerabilities in third-party software, hardware, or managed services — not internal misconduct.
Meanwhile, legal and regulatory experts report a growing pattern: required disclosures increasingly become the focal point for follow-on litigation. Even as cybersecurity professionals emphasize that transparency and prompt notification are central to responsible incident response, some treat these notifications as a litigation opportunity against businesses who have taken all reasonable steps to comply with evolving legal and ethical obligations.
"It is unfortunate that some law firms are attempting to exploit this situation for their own gain. A professional cybercriminal was able to access Wisner Baum's data through a security flaw in the SonicWall system, a firewall that was supposed to be state-of-the-art. We were able to negotiate with SonicWall to ensure that none of our clients' data was made public. Now, spurred by parasitic law firms who are directly soliciting Wisner Baum's current and former clients, we see these copy-cat lawsuits springing up," said Brent Wisner, attorney and managing partner at the firm.
"We are dealing with lawyers and their clients who, instead of going after the threat actors or the SonicWall system that left us exposed, are trying to exact even more money and time from Wisner Baum. We are a law firm that has been a vanguard for consumer rights for decades, and now we are more than ready to defend ourselves and our clients. These lawsuits are meritless; truth is taking a back seat to greed. If we can bring Fortune 500 companies to their knees using truth, the law, and a sense of what is right, we will make short work of these frivolous, lawyer-driven class actions."
Standing on the Record
Recent cases show that breach notifications can become a litigation flashpoint, creating additional downstream risk. Data from Duane Morris indicates that 1,488 class actions were filed over data breaches in 2024 — an increase of approximately 13% from 2023 (1,320 filings) and more than double the 604 filings in 2022 — underscoring the scale and accelerating frequency of breach-related litigation.
"This type of litigation discourages timely disclosure, shifting focus away from systemic infrastructure accountability, and increasing friction for organizations like ours that are following best-practice notification standards to the letter," Wisner said.
The firm remains focused on its longstanding mission: representing consumers harmed by systemic failures, holding powerful institutions accountable, and advancing public interest litigation nationwide.
Sources
- The Daily Journal. (2026, February 5). Wisner Baum calls client data breach suits "meritless," "frivolous".
- The Recorder. (2026, February 2). Los Angeles plaintiffs firm Wisner Baum sued over data incident. (Law.com / The Recorder).
- Westlaw Today. (2026, February 4). Data breach at Wisner Baum law firm draws suit.
- Whittaker, Z. (2026, January 29). Fintech firm Marquis blames hack at firewall provider SonicWall for its data breach. TechCrunch.
- Office of Management and Budget (OMB). (2024). ANNUAL REPORT FISCAL YEAR 2023. bidenwhitehouse.archives.
- FBI National Press Office. (2025, April 23). FBI releases annual internet crime report Federal Bureau of Investigation.
- AdvisorHub. (2025, April 15). LPL sues Ameriprise for sending clients misleading data breach notices.
- Duane Morris LLP. (2025). Data Breach Class Action Review – 2025. FlippingBook. online.flippingbook.com/view/759158897/10/
