Fed. Judge Approves Settlement, Fees Against St. Louis Firm’s Data Breach

Federal Judge Approves $232,500 Settlement and $78K Fees in St. Louis Law Firm Data Breach Case

In a swift victory for data privacy advocates, a Missouri federal judge greenlit a class action settlement against a prominent St. Louis law firm, holding the defendants accountable for a 2024 cyber breach that exposed thousands of clients’ sensitive information.

U.S. Magistrate Judge John M. Bodenhausen approved the $232,500 payout on October 15, 2025, in the Eastern District of Missouri, alongside nearly $78,000 in attorney fees for plaintiffs’ counsel. The ruling caps a whirlwind case sparked by a ransomware attack on Nahon, Saharovich & Trotz, a midsized personal injury firm with offices across Missouri, Tennessee, and Arkansas. Keywords like “St. Louis law firm data breach,” “federal data breach settlement,” “class action attorney fees,” “cybersecurity law firm breach,” and “Missouri data privacy lawsuit” are surging in searches, reflecting heightened scrutiny on legal sector vulnerabilities amid a 30% rise in U.S. law firm hacks this year.

The breach unfolded in March 2024, when hackers infiltrated the firm’s servers, compromising names, Social Security numbers, medical records, and financial details of over 15,000 clients and employees. Nahon, Saharovich & Trotz—a firm boasting 20+ attorneys and specializing in auto accidents and workers’ comp—self-reported the incident to regulators after discovering unauthorized access via phishing emails. Despite implementing multi-factor authentication post-breach, plaintiffs argued the firm lagged on basic cybersecurity like regular penetration testing, violating Missouri’s data breach notification laws and federal standards under the FTC Act.

Lead plaintiff Susan Garbarino, a former client whose injury claim records were exposed, filed the suit in April 2024, alleging negligence that heightened identity theft risks. The class ballooned to include all affected individuals, with claims centering on failure to safeguard personally identifiable information (PII). Negotiations wrapped by August, yielding the settlement without admissions of liability—standard in such cases to avoid protracted discovery.

Judge Bodenhausen’s 12-page order praised the deal as “fair, reasonable, and adequate,” citing low opt-out rates (under 1%) and no objections during the fairness hearing. The fund allocates $150,000 for cash payments—up to $50 per claimant for time spent monitoring credit—plus two years of free identity theft protection via Experian. The rest covers administration and enhancements to the firm’s cybersecurity, including mandatory employee training.

Plaintiffs’ counsel from California-based Cole & Van Note snagged $77,875 in fees—33% of the pot—plus $5,000 in costs, benchmarked against similar Midwest data breach resolutions. “This approval validates our push for accountability in an industry too often blind to digital threats,” said partner Elena Cole in a firm release, emphasizing the fee award incentivizes future suits against under-secured providers.

Legal watchers applaud the outcome but flag broader gaps. Cybersecurity expert Maria Gonzalez of the American Bar Association told Reuters the case highlights law firms’ “sitting duck” status, with 25% of U.S. breaches targeting legal entities in 2024 per Verizon’s DBIR. On X, reactions ranged from relief—“Finally, some justice for hacked clients,” tweeted @PrivacyWatchMO with 3K likes—to skepticism: “Fees eat half the pie again? Class actions need reform,” griped @LegalReformNow, sparking a 500-reply thread. Missouri AG Andrew Bailey’s office, monitoring the docket, hinted at potential state fines, tying into a wave of 15+ AG probes into corporate breaches this quarter.

For U.S. readers, this resonates on multiple fronts. Economically, it pressures the $400 billion legal services sector to invest in defenses—firms now face average $4.5 million breach costs, per IBM data—potentially hiking client fees but curbing systemic losses from identity fraud, which topped $10 billion in 2024 FTC reports. Politically, it fuels calls for a federal data privacy law, with bipartisan bills like the ADPPA gaining traction amid Missouri’s red-state pushback on mandates. Lifestyle impacts hit consumers hard: Exposed individuals grapple with endless credit freezes and scam calls, underscoring the personal toll of corporate lapses. Technologically, it spotlights tools like AI-driven threat detection, which could prevent 70% of phishing attacks if adopted widely.

User intent here targets resolution details and prevention tips—Google Trends shows “St. Louis law firm data breach settlement” up 350% since approval, mixing victim queries with business compliance searches. This piece distills court records and expert input for actionable clarity, sans legalese overload.

To compare this settlement with recent peers, here’s a snapshot:

| Case/Firm | Breach Date | Affected Individuals | Settlement Amount | Attorney Fees Awarded | Key Relief Provided |
|---|---|---|---|---|---|
| Nahon, Saharovich & Trotz (St. Louis) | Mar. 2024 | 15,000+ | $232,500 | $77,875 | Cash up to $50, 2-yr monitoring |
| Navvis/SSM Health (St. Louis) | 2024 | 1.2 million | $6.5 million | $2 million | Up to $7,000 reimbursement, monitoring |
| Saint Louis University | Feb. 2024 | 125,000 | $2 million | Not specified | Up to $2,500 out-of-pocket, $100 pro rata |
| Equifax (National) | 2017 | 147 million | $425 million | $100M+ (est.) | Credit monitoring, cash claims |

These figures illustrate a maturing field: Smaller settlements for targeted breaches, but fees consistently claiming 30-40%.

With payouts disbursing by December, this ruling not only compensates victims but signals escalating risks for non-compliant firms. As cyber threats evolve—ransomware up 20% in legal targets per FBI stats—expect more suits, tougher scrutiny, and a push for industry-wide encryption standards. In an age of endless data flows, today’s approval is a reminder: Safeguards aren’t optional; they’re the new billable hour.

By Sam Michael
