Gunster, Yoakley & Stewart Breach

Gunster Yoakley & Stewart is a popular Florida-based law firm with decades of experience in counseling businesses in the United States. The firm provides mergers, securities, capital investments, acquisitions, litigation, estate and trusts, and taxation. Some of Gunster's clients include AT&T, Bank of America, Wells Fargo, and European Wax Center.

In late 2022, Gunster detected a data security incident. The incident occurred due to an unauthorized access to Gunster's network, where hackers exploited vulnerabilities in the firm's IT infrastructure. Although the exact mode of attack and the number of affected individuals were not disclosed by the law firm, nearly 10,000 people were believed to have been impacted by the breach, according to Bloomberg.

Gunster claimed the information exposed in the breach varied by individual but may have included name and one or more of the following: Social Security number, financial account information, driver's license number, date of birth, medical information (such as health insurance benefit information, medical records number, diagnosis and treatment information, and claims data).

Upon detecting the data security incident, Gunster claimed to have taken measures to contain it and securely restore its network. After the firm's investigation, Gunster determined that unauthorized access had been granted to the firm's document management file system in the weeks before the incident was discovered.

Gunster said it implemented additional safeguards to further strengthen the security of its network in order to forestall future similar occurrences.

When Was the Gunster, Yoakley & Stewart Breach?

According to a Gunster notification, the law firm became aware of the data security breach on November 27, 2022. On April 6, 2023, the firm began mailing letters to persons who may have been involved in the incident whose addresses were identifiable by Gunster. 

How to Check If Your Data Was Breached

If your data was leaked in the Gunster breach, you may have received a mail notification. However, it is likely that not all affected persons were notified by mail. You may use websites like HaveIBeenPwned.com and AmIBreached.com to check if your data was leaked in a major online data breach. 

What to Do If Your Data Was Breached

Gunster included specific steps that affected persons may take in the notification sent out to users in 2023. The law firm offered a 24-month membership to identity theft protection services through Kroll. Kroll is a global leader in providing risk and financial solutions for individuals and businesses. The identity monitoring services made available to affected individuals include credit monitoring, fraud consultation, identity theft restoration, and identity fraud loss reimbursement.

Typically, you will get alerts when changes are made to your credit data such as when a new credit line is applied for in your name. Clients who notice suspicious activities are encouraged to contact Kroll fraud specialists. These specialists are trained to look for specific indicators in identifying identity theft activities.

Also, Gunster recommended that affected persons put a one-year fraud alert on their credit file. This indicates to persons requesting your credit file that you may be at a fraud risk and prevents anyone from accessing your credit report and issuing a credit in your name. You can contact Equifax, Experian, or TransUnion to set up an initial one-year fraud alert. 

Are There Any Lawsuits Because of the Data Breach?

Mary J. Whalen, a former client of Gunster, filed a proposed class action in Florida federal court in May 2024. Whalen alleged that the law firm's deficient cybersecurity system was penetrated by cyber attackers, creating a window for outsiders to access clients' personal health information. The former Gunster employee also alleged that the law firm waited 18 months to inform affected clients.

The suit asserts breach of contract, negligence, negligence per se, invasion of privacy, unjust enrichment, and a violation of Florida's Deceptive and Unfair Trade Practices Act. In the Mary Jane Whalen v. Gunster Yoakley & Stewart PA case, Whalen is asking the court to order the law firm to upgrade its security systems and provide credit monitoring for affected persons for 10 years.

Can My Gunster, Yoakley & Stewart Information Be Used for Identity Theft?

Yes, the leaked information in the Gunster breach can be used for identity theft. The law firm recommends that affected individuals take advantage of the identity monitoring services offered in the wake of the incident. Gunster promised to reimburse anyone for out-of-pocket expenses up to $1 million in covered legal expenses and costs for any one stolen identity event. However, all coverage is subject to the conditions and exclusions in the policy.

Gunster also provided unlimited access to consultation with a Kroll fraud specialist for 24 months. The support provided shows affected individuals the most effective ways to protect their identity under the law. It also reveals how personal information may be accessed and used, and the steps to take to investigate suspicious activity that may be tied to an identity theft event. 

What Can You Do to Protect Yourself Online?

To protect yourself from cybercriminals seeking to exploit your data, adopting proactive measures has become essential. Some of the steps you can take to protect yourself online include:

• Be cautious when sharing personal information with anyone
• Shred receipts, statements, and other documents containing personally identifiable information
• Use anti-virus software on your computer and keep it updated
• Review your credit and bank reports, and other online accounts and profiles
• Create unique and strong passwords for your accounts
• Use the multi-factor authentication feature on your online accounts where possible
• Do not click attachments or links in phishing emails
• Do not reuse similar usernames or passwords on multiple online accounts
• Consider using a password vault to store your passwords and randomly generate strong passwords