Background - Privacy & Cybersecurity

Privacy and Cybersecurity Investigations


Data thefts, cyber hacking, denial-of-service attacks, ransomware, and other threats to electronically stored information are growing in both scope and sophistication. The costs associated with preventing and responding to such events—whether in lost revenues, tarnished reputations, regulatory fines, government investigations, and consumer class action lawsuits—are also increasing.

Cyber intrusions, however, do not have to mean catastrophe for a business. Planning and preparation are key.  Have a strategy including a crisis management action plan so that your outside team of lawyers and security experts can conduct a timely investigation, advise on remedial actions to limit the harm, and determine what if any government and non-government notifications are necessary.  These measures can make the difference between letting a crisis drive your response, and executing a well-planned and practiced response strategy that moves your business forward with limited reputational and financial harm.

The reality is that when a company experiences a cyber incident or data loss it is a crisis. It is imperative that any company experiencing this kind of incident move quickly to manage the crisis and limit legal liability.   And while it’s important to be prepared and manage the incident quickly, it’s never too late to bring in experts.  Our lawyers and investigators step into data and cyber crises in almost every industry and team with forensic experts to conduct privileged investigations with an eye towards remediation while simultaneously developing defenses to regulatory enforcement actions and class actions.


Any breach requires a thorough investigation.  Our Privacy and Cybersecurity Investigations lawyers hit the ground immediately upon retention and act quickly to determine the cause and scope of the incident. We then help clients determine whether—and to what degree—remediation is necessary and identify and mitigate any potential legal liability. Our services typically include:

  • Conducting a privileged investigation to determine the nature and scope of the incident, the likelihood that unauthorized entities accessed proprietary systems or devices, whether the actors are still in your systems, and what if any data has been exfiltrated.
  • Advising on legal notification requirements to federal and state regulators, and to any private parties, including the nature and extent of notifications required.
  • Drafting any required notifications to individuals and regulators. 
  • Advising on the practical and legal risks of paying a ransom demand in the case of a ransomware attack that demands money to unlock critical business data.
  • Developing a brand protection strategy to assist with crisis management, internal decision-making, and external communications to the public, Congress, and other potential stakeholders.
  • Advising on immediate measures that will minimize reputational harm and protect business networks from future incidents.


Our team is well-versed in the expectations of state and federal regulators, and many of our lawyers come from government.  Recognized by Chambers USA as among the top practices in the nation for Privacy and Cybersecurity, the team includes former senior leadership at the Department of Homeland Security (DHS) and key personnel at other U.S. government agencies including the former Federal Trade Commission Chief Privacy Officer. We have a track record of effectively responding to government inquiries and investigations, and fending off formal enforcement actions.  At the same time, when necessary we have achieved very favorable negotiated outcomes for our clients in a manner that protects the businesses we represent. 

We have existing relationships with forensic vendors and have clearly established protocols in place to maximize privileged communications and ensure the free flow of information to and from key decisionmakers. Our trial team has handled major data breach and related litigation, and federal and state actions, and has strong capabilities in addressing litigation risks and legal developments across the range of cyber and data security threats.

Representative Matters

  • Defended a health care client in two separate breaches. In incidents that both involved more than 1.5 million plan members, we represented the client throughout the breach response process, including the internal investigation and investigations by state attorneys general and departments of insurance and the U.S. Health and Human Services Office of Civil Rights (OCR). We also defended the client against numerous related class action lawsuits, and ultimately resolved the OCR investigation without payment of fines or mandatory corrective actions.
  • Represented a HIPAA-covered entity. When an employee of our client’s business associate stole and sold data regarding the client’s employees, we persuaded the business associate to pay for all costs related to the incident investigation and notification, and obtained a broad indemnity agreement.
  • Represented a Fortune 500 company in cyber theft litigation. In addition to providing litigation counsel, we coordinated forensics efforts to track down and prove improper download of company computer files and addressed issues relating to computer management and inventory of data. 
  • Represented a global provider of software to the energy industry in response to a security incident. We handled all aspects of the incident response, including the investigation and notifications to individuals, state attorneys general, and our client’s utility clients. We also worked with the company to develop post-incident processes that were satisfactory to their utility clients, including recommending changes to the customer application and data collection process for utility rebate programs.
  • Advised and represented energy and energy transportation companies on multiple and simultaneous investigations. These investigations were in connection with an intrusion by an advanced threat actor related to industrial control and business systems. 
  • Represented a transportation industry client in a breach involving sensitive employee information. We coordinated the forensic investigation, reported to and assisted the FBI and local law enforcement in the criminal investigation, prepared notification to individuals and authorities, negotiated credit services, and assisted with public relations issues. No enforcement actions were brought, and the client received multiple letters from attorneys general praising its prompt and effective response to the situation.
  • Represented a Fortune 500 health care services provider in response to a stolen laptop containing sensitive information. We assisted with forensics, notification to individuals and authorities, coordination of public communications, and the defense of state and federal regulator investigations.
  • Represented a global financial institution on a sophisticated international criminal attack involving theft of significant funds. Our investigation involved coordinating with the client’s insurance company and multiple federal law enforcement agencies, and resulted in the criminal prosecution and arrest of the attackers.
  • Advised a national retail chain on theft of millions of financial information records. This matter required an extensive investigation involving federal and state law enforcement coordination and nationwide disclosures.   
  • Represented a defense contractor targeted by a hacktivist group. The system of our client’s vendor was accessed by a hacktivist group and employee travel information and PII was compromised. We assisted with the forensic investigation and coordinated with the vendor organization to provide notification to individuals and authorities. We also assisted our client with internal notifications and employee-relations issues.
  • Represented a trade association in investigating and responding to a cybersecurity attack. We prepared notifications to individuals whose information may have been accessed, retained and directed a forensic consultant to investigate the cyber incident, provided guidance to our client’s employees to prevent similar incidents, and assisted with outreach to law enforcement.
  • Advised a large company on the payment of a “ransom” and the legal and policy issues surrounding such action.  We engaged in time sensitive discussions to evaluate for this client the legal issues surrounding the payment of funds to an unknown third party in exchange for the unlocking of data, and the policy and reputational implications of doing so.