Cybersecurity, Cybercrime, & Incident Response

Our recent significant engagements include representation and counsel for:
  • a financial services entity in responding to a data breach and potential loss of client PII (personally identifiable information) by utilizing our StraDIM (Strategic Discovery Information Management) team to identify potentially compromised information in client files, thereby permitting the client to notify its clients and state regulators, as necessary, of the potential data breach.
  • a middle office employee of a financial services firm charged by the US Attorney’s Office with hacking into his former employer’s email to steal company secrets; ultimately resolved via a misdemeanor plea and probation.
  • advising a financial software company about the application of, and compliance with, the new cybersecurity rules issued by the New York Department of Financial Services.
  • advising broker-dealers and investment advisers regarding the application of and compliance with cybersecurity rules to their businesses.
  • successfully defended an IT professional for a financial institution in a federal grand jury investigation in which the professional was suspected of “hacking back” in attempting to defend the financial institution from a cyber attack; no charges were brought.
  • defended a foreign payment card processor in extradition proceedings and in connection with his prosecution in the U.S. for his alleged role in a major cybercrime ring; negotiated plea and obtained a significantly reduced sentence for client, who was able to serve most of the sentence in his home country.
  • successfully brought an action on behalf of a small business under the Electronic Communications Privacy Act and the Computer Fraud and Abuse Act to identify an individual who was illegally intercepting the business’s emails; upon identifying the violator, obtained a speedy and favorable resolution for the client.
  • an international dating website that was victimized by a DDoS (distributed denial of service) attack and extortion scheme, by working with in-house counsel and forensic experts to locate the perpetrators of the scheme, then presenting the matter to US law enforcement for prosecution.
  • various victims of cyber stalking and cyber extortion by teaming with computer forensics experts to seek to identify the locations and identities of the perpetrators, and by preparing “prosecution memos” for presentation to law enforcement personnel.

Looking Forward

2017 saw further evolution concerning both cyber threats and cybersecurity regulations and featured a parade of headline-grabbing attacks that disrupted businesses and even government agencies around the world. Regulators have also expanded their cybersecurity efforts, with the SEC establishing a specialized Cyber Unit that intends to examine whether entities adequately prepared for and disclosed cyber risks and incidents. The SEC has also signaled the likely issuance of new guidance to public companies on disclosing cybersecurity incidents, in a sign that the agency is looking to improve industry practices that have been criticized in the wake of massive, news-making breaches. Meanwhile, state agencies have become more engaged in this area, with strict new cybersecurity rules issued by the New York Department of Financial Services coming into effect and state Attorneys General being increasingly active in initiating investigations and bringing enforcement actions in the wake of data breaches.