For arguably the first time, a law firm, Johnson & Bell, has been sued by Edelman PC for lax data security practices that allegedly put client data at risk.

On December 9th, a Complaint filed against Johnson & Bell in federal court in Illinois was unsealed, which alleges that the firm used out of date safeguards for its information technology systems, failed to properly patch vulnerabilities, and failed to encrypt firm e-mail.

Johnson & Bell asserts that the lawsuit is “specious” and says it will vigorously defend the suit. According to Johnson & Bell, there was no breach of client information.

The suit requests attorneys’ fees and an order requiring an independent audit of the law firm’s data security. It is reportedly presently in arbitration and Edelson is pursuing class certification in the arbitration matter.

Edelson previously stated that it has conducted an investigation of law firm data security and that it planned to file suit against 15 law firms in the future.