Data Security Breaches
Our Data Breach Rapid Response team is distinguished as a proven, comprehensive service group bringing together our integrated white collar, privacy, cybersecurity, healthcare, financial services, corporate, intellectual property, employment, and litigation experience to help our clients develop properly tailored response plans, and to assist them, in the event of a breach, through each stage of crisis management. Working closely with top-flight forensics and identity theft experts, our interdisciplinary team provides clients with the benefit of counsel that thoroughly comprehends the objectives and procedures employed by enforcement authorities, and any civil actions triggered by a breach. Deploying this team, we guide clients through a step-by-step practical approach that includes:
- Breach Response Procedure & Policy
- Partnering with Law Enforcement
- Communications Management
- Anticipating Protracted Litigation
- Witness Services
Highlights of Representations Include:
- Advise FORTUNE 500 companies on the legal, technological, and policy measures to prepare for, respond to, and recover from breaches of data security caused by loss, theft, or other compromise of digital information.
- Barnes & Noble, in obtaining dismissal of data breach class action lawsuits involving alleged theft of payment card information. In re: Barnes & Noble Pin Pad Litigation, 2013 U.S. Dist. LEXIS 125730 (N.D. Il. 2013).
- SAIC, in obtaining dismissal of data breach class action lawsuits against defense contractor involving theft of data tape containing health care records. In re Science Applications Int'l Corp. Backup Data Tape Theft Litig., 45 F. Supp. 3d 14 (D.D.C. 2014).
- Horizon Healthcare, in obtaining dismissal of data breach class action lawsuits against health insurance company involving theft of laptops containing customer information. In re Horizon Healthcare Services Inc. Data Breach Litigation (D.N.J. March 31, 2015).
- AdobeSystems, Inc., in currently pending data breach class action lawsuits against leading digital marketing and media solutions company concerning network intrusion and possible theft of customer information. This matter resolved favorably for our client. See In re Adobe Systems, Inc., 2014 WL 4379916 (N.D. Cal. Sept. 4, 2014).
- Leidos, Inc., in obtaining dismissal of class action data breach litigation concerning theft of computer media containing health care information. Fernandez v. Leidos Inc. (E.D.Cal. 2014).
- UK-based financial institution in connection with the theft of account information relating to several million customer accounts. Working with a group of forensic experts, our Team (i) spearheaded the company's efforts to investigate the source of the data breach through US-based Internet service providers, (ii) coordinated with foreign firms and experts in international efforts to locate the thieves, (iii) advised the client in negotiations with persons in possession of portions of the stolen data, and (iv) assisted the client with its victim notification requirements under federal and the 50 states' laws. As a result of Arnold & Porter's efforts, the client was able to stave off the severe financial and reputational impacts that normally follow from such a breach.
- Large US manufacturing company in connection with the theft of employee benefits data by a ring of identity thieves. Our team worked with law enforcement in its effort to apprehend the thieves, and assisted the company in its investigation into the source of the breach, as well as in the efforts to assist the company employees correct their credit.
- New York area hospital in connection with the theft of several thousand patient records, and the use of those records to perpetrate a massive Medicaid fraud scam. We coordinated with law enforcement, spearheading the internal investigation into the source of the breach, and worked with the hospital with respect to victim notification.
- Served as expert witness on behalf of credit reporting agency in a civil case brought in federal court.
- Advised multinational defense and aerospace company and other government contractors on policies and procedures for the use of Internet, email, and information technology resources, and on the protection of the rights of employers and other owners and operators of electronic communications systems.