Cybersecurity & Data Breach Litigation

When so much is at stake, experience matters. Our top-notch litigators 

• Are seasoned trial lawyers who have tried as first-chair counsel many data breach class actions through verdict
• Possess extensive knowledge of our clients’ respective businesses, markets, and consumers 
• Have proven problem-solving capabilities, including capacity for large-volume discovery issues 
• Serve as counsel for insureds of major cyber risk insurance carriers 
• Defend self-insured entities 
• Are dedicated advocates committed to protecting your business 

How we work 

• Protecting your reputation and managing public relations strategy in high-profile cases 
• Collaborating with you to implement a litigation strategy that addresses your business needs and objectives
• Anticipating the plaintiffs’ next move as case theories in privacy litigation continue to evolve 
• Applying our experience winning early dismissals of cases by attacking plaintiffs’ lack of standing to sue, weak evidence of injuries, and class claims through enforcement of arbitration clauses
• Drawing on our deep bench of expert witnesses and talented attorneys with extensive experience in investigating and responding to data breaches 
• Providing comprehensive e-discovery services through Encompass, our in-house e-discovery team 

Clients & industries served

• Automotive
• Banking & Financial Institutions
• Education
• Energy & Utilities
• Healthcare 
• Insurance
• Manufacturing
• Pharmaceuticals & Medical Devices
• Technology
• Transportation

Following is a selected sampling of matters and is provided for informational purposes only. Past success does not indicate the likelihood of success in any future matter.

• Numerous Nelson Mullins attorneys have served as lead trial counsel (first chair) in data breach and privacy class action litigation. 
• Successfully handled as lead counsel appeals of breach of privacy cases before various appellate courts, including appeals relating to complex standing and class certification issues. 
• Defended clients in class actions and mass actions based on alleged violations of federal statutes, such as the Electronic Communications Privacy Act (ECPA), Computer Fraud and Abuse Act (CFAA), Telephone Consumer Protection Act (TCPA), Health Information Portability and Accountability Act (HIPAA), Health Information Technology for Economic and Clinical Health Act (HITECH), Fair Credit Reporting Act (FCRA), Consumer Credit Protection Act (CCPA), and various state statutes and common law. 
• Extensive experience posturing difficult and factually sensitive privacy cases for favorable settlements. 
• Represented major hospital system in significant data breach litigation including complex application access issues resulting in favorable settlement of all claims. Obtained partial summary judgment based on lack of vicarious liability defense for regional hospital system in significant data breach litigation, leading to favorable resolution of remaining claims. 
• Obtained Rule 12 dismissal of regional hospital system based on a lack of legal duty owed in complex electronic medical records data breach. 
• Represented a wide range of industries including financial institutions, franchise operators, manufacturers, pharmacies, nonprofits, clinic systems, and hospital systems in data breach & privacy litigation brought by financial institutions, customers, patients, and employees. 
• Favorably resolved class action brought by unionized workforce for claims of breach of privacy based on common law causes of action and alleged violations of collective bargaining agreement. 
• Represented a medical device manufacturer whose former employee obtained access to the company’s computer systems on behalf of the client’s competitor. 
• Represented a manufacturing company in a dispute with an international customer over which entity was responsible for a “phishing” attack that resulted in a $1 million payment intended for the client instead being sent to Middle East hackers. 
• Represented a national provider of medical services, successfully transferring the case out of a heavily “plaintiff-friendly” jurisdiction. 
• Represented a medical billing and collections company in a dispute with a major hospital system as to which forensic data breach investigation consulting firm was accurate for purposes of the breadth of patient notice requirements and resulting multimillion-dollar indemnities. 
• Defended multinational manufacturing company from allegations that misdirection of customer payments resulting from “phishing” attacks created liability under negotiable instruments provisions of the Uniform Commercial Code (UCC). 
• Regularly advise national companies on litigation risks of state privacy laws, including the stringent California Consumer Privacy Act (CCPA). 
• Consult with international businesses on private action and regulatory liability under the General Data Protection Regulation (GDPR) of the European Union.