Privacy and Cybersecurity Investigations

Professionals >

Contacts >

Representative Matters >

Data thefts, cyber hacking, denial-of-service attacks, ransomware, and other threats to electronically stored information are growing in both scope and sophistication. The costs associated with preventing and responding to such events—whether in lost revenues, tarnished reputations, regulatory fines, government investigations, and consumer class action lawsuits—are also increasing.

Cyber intrusions, however, do not have to mean catastrophe for a business. Planning and preparation are key.  Have a strategy including a crisis management action plan so that your outside team of lawyers and security experts can conduct a timely investigation, advise on remedial actions to limit the harm, and determine what if any government and non-government notifications are necessary.  These measures can make the difference between letting a crisis drive your response, and executing a well-planned and practiced response strategy that moves your business forward with limited reputational and financial harm.

The reality is that when a company experiences a cyber incident or data loss it is a crisis. It is imperative that any company experiencing this kind of incident move quickly to manage the crisis and limit legal liability.   And while it’s important to be prepared and manage the incident quickly, it’s never too late to bring in experts.  Our lawyers and investigators step into data and cyber crises in almost every industry and team with forensic experts to conduct privileged investigations with an eye towards remediation while simultaneously developing defenses to regulatory enforcement actions and class actions.


Any breach requires a thorough investigation.  Our Privacy and Cybersecurity Investigations lawyers hit the ground immediately upon retention and act quickly to determine the cause and scope of the incident. We then help clients determine whether—and to what degree—remediation is necessary and identify and mitigate any potential legal liability. Our services typically include:

  • Conducting a privileged investigation to determine the nature and scope of the incident, the likelihood that unauthorized entities accessed proprietary systems or devices, whether the actors are still in your systems, and what if any data has been exfiltrated.
  • Advising on legal notification requirements to federal and state regulators, and to any private parties, including the nature and extent of notifications required.
  • Drafting any required notifications to individuals and regulators. 
  • Advising on the practical and legal risks of paying a ransom demand in the case of a ransomware attack that demands money to unlock critical business data.
  • Developing a brand protection strategy to assist with crisis management, internal decision-making, and external communications to the public, Congress, and other potential stakeholders.
  • Advising on immediate measures that will minimize reputational harm and protect business networks from future incidents.


Our team is well-versed in the expectations of state and federal regulators, and many of our lawyers come from government.  Recognized by Chambers USA as among the top practices in the nation for Privacy and Cybersecurity, the team includes former senior leadership at the Department of Homeland Security (DHS) and key personnel at other U.S. government agencies including the former Federal Trade Commission Chief Privacy Officer. We have a track record of effectively responding to government inquiries and investigations, and fending off formal enforcement actions.  At the same time, when necessary we have achieved very favorable negotiated outcomes for our clients in a manner that protects the businesses we represent. 

We have existing relationships with forensic vendors and have clearly established protocols in place to maximize privileged communications and ensure the free flow of information to and from key decisionmakers. Our trial team has handled major data breach and related litigation, and federal and state actions, and has strong capabilities in addressing litigation risks and legal developments across the range of cyber and data security threats.

View More

"Fireside: Our National Cybersecurity Strategy," 2023 National Cyber Innovation Forum, Reston, VA (January 31, 2023). Moderator: Evan Wolff.
"Section 230: An Overview of the Legal and Policy Framework," Crowell & Moring Webinar, 2023. (January 26, 2023). Speakers: Mohamed Awan, Monty Cooper, and Neda M. Shaheen.
FCC's Proposed Updated Breach Notification Requirements Could Spur 'Logistical Nightmare' Legaltech News (January 23, 2023)
Press Coverage
"Cyber and Physical Attacks on the Electric Grid Should Prompt New Year’s Resolutions for the Energy Industry," Environment & Natural Resources Law Alert (January 13, 2023). Contacts: Tyler A. O'Connor, Evan D. Wolff, Matthew B. Welling, Maida Oringher Lerner, Deborah A. Carpentier, Michael G. Gruden, CIPP/G
Client Alert/Newsletter
As Companies' Fears of Data-Breach-Litigation Soar, Legal Terrain Rife With Uncertainty Corporate Counsel (January 12, 2023)
Press Coverage
Crowell & Moring Promotes Largest Partner Class In Its History Law360 (January 11, 2023)
Press Coverage
Uber Scrutiny Of Cybersecurity (January 10, 2023). Author: Jennie Wang VonCannon, CIPP/US.
Healthcare Vendors Are The New Front Of The Cybersecurity War Modern Healthcare (subscription required) (January 3, 2023)
Press Coverage
Legal Tech's Milestones For Cybersecurity And Privacy In 2022 Legaltech News (December 30, 2022)
Press Coverage
California: Court Announces Motion For Preliminary Approval Of $725M Settlement With Facebook For Class Action OneTrust DataGuidance (December 23, 2022)
Press Coverage

To view more News & Events for this area, please go to our desktop site.

Crowell & Moring LLP is an international law firm with offices in the United States, Europe, MENA, and Asia that represents clients in litigation and arbitration, regulatory and policy, and transactional and corporate matters. The firm is internationally recognized for its representation of Fortune 500 companies in high-stakes litigation and government-facing matters, as well as its ongoing commitment to pro bono service and diversity, equity, and inclusion.

View Desktop Site | Mobile Sitemap |

Contact | Subscribe | Terms of Use | Privacy Statement | Alumni

© Crowell & Moring LLP 2023
Attorney advertising - prior results do not guarantee a similar outcome.