Cybersecurity, Cybercrime, & Incident Response

    Our recent significant engagements include representation and counsel for:
  • a financial services entity in responding to a data breach and potential loss of client PII (personally identifiable information) by utilizing our StraDIM (Strategic Discovery Information Management) team to identify potentially compromised information in client files, thereby permitting the client to notify its clients and state regulators, as necessary, of the potential data breach.
  • a middle office employee of a financial services firm charged by the US Attorney’s Office with hacking into his former employer’s email to steal company secrets; ultimately resolved via a misdemeanor plea and probation.
  • advising a financial software company about the application of, and compliance with, the new cybersecurity rules issued by the New York Department of Financial Services.
  • advising broker-dealers and investment advisers regarding the application of and compliance with cybersecurity rules to their businesses.
  • successfully defended an IT professional for a financial institution in a federal grand jury investigation in which the professional was suspected of “hacking back” in attempting to defend the financial institution from a cyber attack; no charges were brought.
  • defended a foreign payment card processor in extradition proceedings and in connection with his prosecution in the U.S. for his alleged role in a major cybercrime ring; negotiated plea and obtained a significantly reduced sentence for client, who was able to serve most of the sentence in his home country.
  • successfully brought an action on behalf of a small business under the Electronic Communications Privacy Act and the Computer Fraud and Abuse Act to identify an individual who was illegally intercepting the business’s emails; upon identifying the violator, obtained a speedy and favorable resolution for the client.
  • an international dating website that was victimized by a DDoS (distributed denial of service) attack and extortion scheme, by working with in-house counsel and forensic experts to locate the perpetrators of the scheme, then presenting the matter to US law enforcement for prosecution.
  • various victims of cyber stalking and cyber extortion by teaming with computer forensics experts to seek to identify the locations and identities of the perpetrators, and by preparing “prosecution memos” for presentation to law enforcement personnel.

Looking Forward

We expect that private cybercriminals and sophisticated nation-state actors will continue to target businesses of all sizes and in all industries. Meanwhile, human error and trusted vendors will remain the biggest vectors for cyberattacks. We also expect that cybersecurity and data privacy compliance challenges will only become more complex for businesses. Lawmakers have taken note of the continuous stream of mega-breaches and have set about introducing ever-stricter data protection laws across the U.S. and around the world, such as the California Consumer Privacy Act. At the same time, regulators on both sides of the Atlantic have issued record-setting fines under the EU’s General Data Protection Regulation and U.S. laws such as the FTC Act and the Children’s Online Privacy Protection Act. And state attorneys general have been particularly active in seeking to make examples of firms for cybersecurity and privacy missteps.