Crisis & Data Breach Response

The potential financial, reputational, and legal exposure of a data breach is too great to not be adequately prepared. We help you develop the processes and skills to quickly and effectively respond to potential data breaches and assist you with comprehensive incident response services throughout the entire life cycle of an event.

Preparing for and responding to evolving cybersecurity threats requires fluency in an increasingly intricate fabric of global data protection laws and regulations as well as a thorough understanding of an increasingly sophisticated range of attack vectors and malicious threat actors. Look no further than Alston & Bird for a veteran team at the forefront of cybersecurity—from running tabletop exercises to prepare every level of your company to directing complex and high-stakes technical investigations to mobilizing a worldwide network of specialists—to defend your company against and respond to cybersecurity threats.

Our team has extensive experience in the wide spectrum of issues that often arise with cybersecurity incidents, and we leverage this experience to help companies efficiently manage incident response efforts across the enterprise. Two of our partners are former Department of Justice attorneys that have coordinated global investigations from inside the government. Our attorneys are also former big three consultants, chief information security officers, forensic consultants, and strategic business players in significant technology outsourcing deals. We maintain a Global Privacy and Security Network with leading privacy counsel in jurisdictions around the world, giving us key insight on the rapidly shifting legal landscape. We have well-established relationships with leading forensic consultants and can quickly launch forensic investigations using these relationships.

Our attorneys have handled incidents of all sizes, from state-sponsored attacks and sophisticated cyber-attacks by organized criminal groups to an employee accidentally sending an email with personal information outside the company. In essence—you name it, we’ve seen it, and we’ve responded to it. And if events lead to regulatory inquiries or litigation, our enforcement and litigation teams are well-positioned to defend your company, leveraging the efforts of our Crisis & Data Breach Response Team.

Drawing on our multidisciplinary team of attorneys, our team can also help develop and document an effective, security-oriented, and realistic data breach response plan tailored to your needs. We also review existing cyber-response plans to incorporate appropriate global legal standards, rules, and regulator expectations and integrate them with existing business continuity processes and procedures. We use trainings, tabletop exercises, and breach simulations to stress test these plans with robust practice to familiarize key company responders with the demands they will likely face in a material security incident.

Security Incident Response

Represented a health care client involved in a ransomware attack, requiring both a complex forensic investigation and extensive data review and restoration processes.
Represented a global company in connection with a network and cloud service provider attack by multiple state-sponsored actors targeting the infrastructure for both espionage and financial crime. The response included extensive forensic investigation and data analytics efforts to identify and report on impacted information affecting both individuals and companies as well as working with national security and law enforcement arms of the U.S. government.
Represented a global technology company in a targeted business email compromise scheme involving unauthorized wire transfers of multiple business partners over a several-month period.
Represented a health care client in an extensive cyber intrusion involving the collection of a large volume of data and provided advice on incident response, oversaw forensic investigators, and assisted with a large data review.
Representing a large health care provider in a vendor website breach, including vandalism and attempted theft of databases with millions of protected health information (PHI) records compromised.
Assisted one of the world’s largest payment processors with investigation and notification in a security incident involving a subsidiary’s e-commerce platform and payment card data. Our counsel included assistance with oversight of the forensic investigation, advising on issues related to investigation by the payment card brands, and individual and regulatory notifications in over 20 countries.
Assisted a major financial services holding company in managing incident response, regulatory inquiries, and extensive cooperation efforts with the FBI for one of the top-ten HIPAA breaches of 2018, resulting from social engineering and vishing attacks by foreign actors.
Represented a large telecommunications company in investigating a sophisticated state-sponsored attack with national security implications, including facilitation of classified law enforcement interactions.
Represented a large health care company in the review and analysis of a ransomware incident involving an extensive and sophisticated intrusion.
Represented a large international retail company with an incident involving cyber extortion of a subsidiary in connection with potential theft of personal data.

Assisted a regional financial institution with hundreds of locations in analyzing breach notification and response obligations for skimming incidents.
Assisted a community bank with the investigation and response of an incident involving placement of skimming devices on ATMs.
Represented several large global organizations in government-led national security investigations resulting from state-sponsored attacks originating from different countries and threat actors.
Represented a large, franchised restaurant business in a cybersecurity incident investigation, including ongoing analysis of cybersecurity insurance issues, incident litigation, and regulatory defense.
Represented one of the largest home improvement retailers in the U.S. in connection with a sophisticated cyberattack and criminal intrusion involving customized malware targeting payment card data from point-of-sale systems. The representation included, among other areas, coordinating with the payment card brand networks and federal and state law enforcement agencies, directing the forensic investigation of the PCI forensic investigator and other third-party forensic firms, and defending multiple putative class actions filed by financial institutions.
Represented a global diversified industrial company in connection with a targeted attack by sophisticated threat actors engaged in industrial espionage and financial fraud.
Represented a global provider of business information in connection with a sophisticated intrusion by Eastern European organized criminal groups that impacted data breach laws and regulations in over 50 countries. The incident response included directing a complex and technical forensic investigation involving U.S. and non-U.S. systems; analyzing U.S. state and federal and international breach notification statutes, regulations, and recommendations and coordinating the notification process; responding to numerous state attorneys general inquiries; development and execution of crisis communication plans; and participating in frequent senior executive and board-level meetings.
Represented a global payment processor in connection with a technical, complex computer crime investigation involving a sophisticated cyber threat actor. The crisis response effort included advising on myriad legal issues, including securities law guidance, regulatory issues, class action defense, governmental investigations, insurance coverage and issues, and more. We also supervised and managed a complex cyber forensic investigation that included a rapid response to a sophisticated intruder with deep and persistent access to the environment; development of containment, eradication, and remediation strategies; and coordination of the activities of multiple third parties, including an independent forensic investigator, several payment card brand networks, financial regulators, and federal law enforcement.
Represented a global retail company in a sophisticated cyberattack involving customized malware targeting payment card data from point-of-sale systems. The crisis response included coordinating the activities of multiple third parties, including state and federal regulators, payment card brand networks, federal law enforcement agencies, and the Department of Justice, as well as directing multiple third-party forensic firms in conducting a technical, forensic investigation.
Represented a global payments company in an extensive data theft incident by a former employee, including directing a technical forensic investigation, overseeing a complex fraud data analytics analysis, preparing evidence for law enforcement and federal prosecution, and counseling on disclosure and customer communications strategies.
Represented a global electronics company in connection with a sophisticated reshipping fraud scheme operated out of Eastern Europe impacting high-end electronics and involving multiple vendors of the company.
Represented one of the world’s largest interactive marketing services providers in a massive network breach involving more than 60 million individual records.
Advised a global energy company suspected of being compromised by advanced persistent threat actors. The response included enhanced monitoring of critical systems, preventive forensics including a breach indicator assessment, a review of existing investigations and law enforcement information, and assisting management with briefings to executives.
Represented a national provider of pediatric health services in an investigation of HIPAA security and privacy compliance initiated by the Office for Civil Rights of the Department of Health and Human Services and compliance with state security breach notification laws in connection with an incident involving a stolen laptop.
Representing a national document storage and retrieval company in connection with compliance with HIPAA/HITECH breach notification requirements and state breach notification compliance law in connection with an incident involving misdirected protected health information.

Incident and Data Breach Response Plan Development and Improvement

Representing one of the world’s largest retailers in developing its worldwide data breach response plan.
Developed global breach response plans for a global insurance company with operations in 27 countries.
Developed global breach response plans for a global shipment and logistics company with operations in multiple countries, including playbooks for specific jurisdictions and threat vectors.
Developed security incident and/or data breach response plans for several global insurance companies, financial institutions, e-commerce companies, retailers, global consulting firms, and digital media corporations.

Global Tabletop Exercises

Developed and facilitated cyber tabletop exercises for one of the largest shipment and logistics companies in the world, a global provider of health services, one of the largest financial institutions in the U.S., and several large global insurance companies.
Conducted international tabletop exercises in several Asian and South American countries for a global insurance company.
Supervised a tabletop exercise for a Fortune 50 company, coordinating with outside forensics and strategic communications firms.
Developed an executive-level cybersecurity training tabletop exercise for a large global manufacturing company, including the CEO and senior executives.
Facilitating annual or periodic tabletops for clients in various industries, including retail, manufacturing, financial services, health care, and technology.
Assisted all the companies for whom we developed, conducted, or facilitated tabletop exercises with enhancing their breach response strategies and procedures through prioritized recommendations and corrective action plans.

Contacts

Kimberly Kiefer Peretti

Partner

Washington, D.C.

Phone: +1 202 239 3720

Email: kimberly.peretti@alston.com

Katherine Doty Hanniford

Partner

Washington, D.C.

Phone: +1 202 239 3725

Email: kate.hanniford@alston.com

Kellen Dwyer

Partner

Washington, D.C., New York

Phone: +1 202 239 3240

Other Phone: +1 212 905 9340

Email: kellen.dwyer@alston.com

Crisis & Data Breach Response

Alston & Bird Global Privacy and Security Network (ABPSN)