Subscribe To Our Newsletter
Gehry Partners, LLP experienced a cybersecurity incident in June 2025 that resulted in unauthorized access to certain personal information. Affected individuals are being offered 24 months of complimentary credit monitoring and identity protection services.
Who was affected:
Impacted Data:
Name
Gehry Partners, LLP (“Gehry”) recently disclosed a data privacy incident involving unauthorized access to personal information stored on its network. The breach occurred in June 2025 and impacted individuals whose information was contained in the affected data set. Gehry is now notifying impacted individuals and offering complimentary credit monitoring services.
On June 8, 2025, Gehry became aware of a disruption to its network environment. Upon discovery, the firm immediately took action to secure its systems and launched a thorough investigation into the nature and scope of the incident. As part of this response, Gehry retained independent forensic specialists to assist in identifying how the breach occurred and what data may have been impacted.
The investigation determined that between June 6, 2025 and June 9, 2025, certain data was accessed and acquired from Gehry’s network by an unauthorized actor. After confirming unauthorized access, Gehry conducted a comprehensive review of the contents of the potentially involved data to determine which individuals were affected.
On January 8, 2026, Gehry confirmed that some personal information belonging to affected individuals was present within the compromised data set. Although the firm has not publicly reported evidence of misuse of the data, unauthorized access to personal information can create ongoing risks of identity theft, fraud, and phishing schemes.
In response to the incident, Gehry secured its network environment, took portions of its network offline, and notified federal law enforcement authorities. The firm has stated that it takes the security and privacy of information in its possession seriously and has implemented additional safeguards to strengthen its cybersecurity defenses.
Professional service firms, including architecture and design partnerships, often maintain sensitive personal and financial information in connection with their business operations. When that data is accessed by unauthorized actors, affected individuals may face uncertainty and increased risk—even if no immediate misuse is detected.
At Class Action U, we believe organizations that collect and store personal information have a responsibility to implement reasonable safeguards. When a breach occurs, impacted individuals deserve transparency and the opportunity to understand their legal options.
Unauthorized access to Gehry’s network occurred between June 6, 2025 and June 9, 2025.
The disruption was identified on June 8, 2025, and Gehry confirmed on January 8, 2026 that personal information was present in the affected data set.
According to the notice, personal information present within certain files in the data set includes:
Name
Additional personal information (specific data elements were not detailed in the notice)
Affected individuals should carefully review their notification letter for specific information related to their case.
If you received a notification from Gehry Partners, LLP, consider taking the following steps:
Enroll in the complimentary 24 months of Single Bureau Credit Monitoring, Credit Report, and Credit Score services provided through Cyberscout, a TransUnion company.
Monitor your credit reports and financial account statements for suspicious activity.
Consider placing a fraud alert or security freeze on your credit file.
Report suspected identity theft to your financial institution, the Federal Trade Commission, and local law enforcement.
Remain vigilant against phishing emails or calls referencing this incident.
Taking proactive action can help reduce your risk of identity theft following a data breach.
If your personal information was exposed in the Gehry data breach, you may be eligible to pursue compensation. Data breaches can create long-term risks and force individuals to spend time and resources protecting their identity.
Class action lawsuits allow affected individuals to band together and seek accountability from organizations that fail to adequately safeguard personal information. You may be entitled to compensation for out-of-pocket costs, time spent monitoring your credit, and the increased risk of identity theft.
Contact us at Class Action U, where we’ll connect you with a lawyer skilled in class action lawsuits. If you’ve been contacted about this breach, received notice, or discovered you were impacted, fill out our quick, easy, and secure form to sign up. There is no cost to reach out to our legal partner and no obligation after speaking with someone from our team
New cases and investigations, settlement deadlines, and news straight to your inbox.
A data breach occurs when sensitive, confidential, or protected information is accessed, stolen, or disclosed without authorization. Data breaches often occur through phishing emails, malware, weak passwords, insider threats, or unsecured databases. Indicators of a data breach can include unexpected password resets, suspicious account activity, unauthorized transactions, or notifications from companies about compromised information.If you suspect your data has been compromised, you must take measures and act quickly. Change passwords, enable two-factor authentication, review your financial accounts for unusual activity and consider freezing your credit.
Once stolen, your personal information may be sold on the dark web or used for identity theft and financial fraud. In some cases, hackers use the data to extort companies or launch further attacks. Victims often face long-term risks, including damage to credit and privacy.
If you receive a data breach notification, don’t ignore it. Immediately change passwords for the affected account and any others that share credentials. Enroll in any free credit monitoring services offered and monitor financial statements closely.
To pursue a data breach claim, you’ll need documentation showing your information was compromised and proof of resulting harm, such as fraudulent charges, credit score damage, or identity theft reports. Notification letters, financial records, and communication with the breached company can help support your claim.
Yes. If a company fails to protect consumer data or delays notifying victims, it may be held liable under state and federal privacy laws. Many victims join class action lawsuits to recover financial losses and hold negligent organizations accountable.
Data breach settlements vary widely depending on the size of the breach, type of data compromised, and damages suffered by victims. Payouts may include cash compensation, identity theft protection, or reimbursement for losses. Many settlements range from a few hundred to several thousand dollars per person. A skilled data breach lawyer can guide victims through the complex legal process, ensuring their rights are protected. If you’ve received a data breach notification or believe your personal data was exposed, you may be eligible for compensation. Contact Class Action U to learn more about how to join a data breach lawsuit and understand the process of filing.
