Cybersecurity, Cybercrime, & Incident Response

Our recent significant engagements include representation and counsel for:
  • a financial services entity in responding to a data breach and potential loss of client PII (personally identifiable information) by utilizing our StraDIM (Strategic Discovery Information Management) team to identify potentially compromised information in client files, thereby permitting the client to notify its clients and state regulators, as necessary, of the potential data breach.
  • a middle office employee of a financial services firm charged by the US Attorney’s Office with hacking into his former employer’s email to steal company secrets; ultimately resolved via a misdemeanor plea and probation.
  • advising a financial software company about the application of, and compliance with, the new cybersecurity rules issued by the New York Department of Financial Services.
  • advising broker-dealers and investment advisers regarding the application of and compliance with cybersecurity rules to their businesses.
  • successfully defended an IT professional for a financial institution in a federal grand jury investigation in which the professional was suspected of “hacking back” in attempting to defend the financial institution from a cyber attack; no charges were brought.
  • defended a foreign payment card processor in extradition proceedings and in connection with his prosecution in the U.S. for his alleged role in a major cybercrime ring; negotiated plea and obtained a significantly reduced sentence for client, who was able to serve most of the sentence in his home country.
  • successfully brought an action on behalf of a small business under the Electronic Communications Privacy Act and the Computer Fraud and Abuse Act to identify an individual who was illegally intercepting the business’s emails; upon identifying the violator, obtained a speedy and favorable resolution for the client.
  • an international dating website that was victimized by a DDoS (distributed denial of service) attack and extortion scheme, by working with in-house counsel and forensic experts to locate the perpetrators of the scheme, then presenting the matter to US law enforcement for prosecution.
  • various victims of cyber stalking and cyber extortion by teaming with computer forensics experts to seek to identify the locations and identities of the perpetrators, and by preparing “prosecution memos” for presentation to law enforcement personnel.

Looking Forward

The coming change of administration in the U.S. promises more aggressive cybersecurity and data privacy enforcement from federal regulators. On the state level, California’s recently passed Privacy Ballot Initiative imposes new privacy rules—in addition to those in the California Consumer Privacy Act—on any business with sufficient contacts with that state. And internationally, countries around the world are racing to adopt new data protection laws while foreign regulators, particularly those within the EU, are becoming more aggressive in seeking to punish businesses for missteps and noncompliance. At the same time, we expect that private cyber-criminals and sophisticated nation-state actors will continue to target businesses of all sizes and in all industries. Meanwhile, human error and trusted vendors will remain the biggest vectors for cyberattacks. If businesses have not done so already, now is a good time to reassess their cybersecurity and data privacy programs.