Cybersecurity, Data Privacy and Incident Response



Results may vary depending on your particular facts and legal circumstances.

Authorized Breach Coach

Connell Foley LLP is proud to be designated an authorized Breach Coach® firm by NetDiligence®.

From initial crisis response and regulatory compliance to litigation preparation and mitigation of future risk, Connell Foley LLP’s Cybersecurity, Incident Response and Data Privacy team handles the full spectrum of complex issues related to a cyberattack. We bring more than 15 years of nationwide experience defending data breach litigation and regulatory enforcement actions to our representation of consumers and businesses victimized by cybercrime. Our clients include Fortune 100 corporations, start-ups, and privately held firms in various industries including healthcare, retail, education, state and local government, transportation, manufacturing, professional services, and others. Connell Foley also helps clients manage cyber risk and ensure resiliency relevant to risk assessments, policies and procedures, incident response planning and exercises, security awareness training, third party vendor management, and cyber insurance.


Connell Foley's Cybersecurity, Data Privacy and Incident Response Group offers the following:

  • Breach response services — In addition to offering a 24/7 Data Breach Response Hotline, Connell Foley serves as breach response counsel across various industries. We work with private companies, law firms and cyber liability insurance carriers on forensic investigations, breach notification, remediation, regulatory response and litigation. Our services include:
    • conducting an initial assessment and scoping of the data security issue
    • facilitation of digital forensics services to contain, analyze, investigate and remediate the incident
    • assessment of federal, state and local cybersecurity consumer and regulatory notification obligations
    • assessment of contractual reporting obligations with vendors, customers or other third parties
    • reporting to local federal law enforcement agents (FBI and US Secret Service)
    • drafting of consumer notification letters
    • facilitation of consumer remediation services, as necessary, which may include the provision of credit monitoring and/or identity theft protection services
    • drafting of regulatory and attorney general notification letters
    • facilitation of crisis communication services, as necessary, for response to media inquiries
    • reporting to key stakeholders as needed
    • responding to inquiries from regulatory officials
    • defending against regulatory investigations and enforcement actions
    • defending against third-party data breach-related litigation
    • participation and practice through tabletop exercises
    • updating clients on developing cybersecurity legal and regulatory issues
  • Legal and regulatory compliance — We counsel leading companies in the United States on matters involving common law claims as well as the following federal and international laws:
    • Computer Fraud and Abuse Act (CFAA)
    • Stored Communications Act (SCA)
    • Health Insurance Portability and Accountability Act (HIPAA)
    • CAN-SPAM Act
    • Federal Trade Commission Act
    • General Data Protection Regulation (GDPR)
    • California Consumer Privacy Act (CCPA)
    • The Payment Card Industry Data Security Standard (PCI DSS)
    • Children's Online Privacy Protection Act (COPPA)
  • Representation in court and other proceedings — Clients throughout the country value our representation in federal and state courts and alternative dispute resolution forums, including defending against regulatory investigations and enforcement actions, and against third-party data breach-related litigation.
  • Counsel on social media — In response to our clients’ developing needs and the impact of technology and data privacy across numerous industries, the Group also advises companies and professionals on social media. Teaming with Connell Foley’s Labor and Employment and Professional Liability Practice Groups, we provide risk management advice on social media in the workplace and counsel clients on the implementation of policies to protect their corporate social media assets. We regularly offer guidance to law firms and insurance and other industry professionals regarding the impact of social networking on their industries and in litigation.

Thought leaders in cybersecurity, our lawyers frequently speak at national conferences and publish on this evolving field. We monitor legal and regulatory developments and advise clients on the technological changes shaping their business. Karen Painter Randall, Chair of our Cybersecurity, Data Privacy and Incident Response Group, recently received a third American Bar Association presidential appointment to the ABA’s Cybersecurity Legal Task Force. She also founded and chairs the New Jersey State Bar Association’s Cybersecurity Legal Task Force. Most recently, she created and now chairs the first Cybersecurity Task Force in the southeast for the University of South Carolina School of Law.

In 2019, Connell Foley received a "Best Practices Award" from CIANJ for the firm's submission on the most important factors in responding to a ransomware attack. In addition, Karen Painter Randall was selected by NJBIZ as the only attorney among 34 honorees to receive an inaugural "NJ Digi-Tech Innovators Award"; she received the bi-annual award again in 2021.

24/7 Data Breach Response Hotline

Recognizing that immediate action and crisis management are crucial in the event of a breach, Connell Foley's Cybersecurity, Data Privacy and Incident Response team is available to assist businesses 24 hours a day, 7 days a week:

Phone: 973.840.2500



Recent Representative Incident Response Matters (investigation, containment/eradication, assessment, notification, remediation):

  • Insider Wrongdoing: Served as breach response counsel for client related to insider wrongdoing involving unauthorized access to personally identifiable information in co-workers’ payroll information.
  • Website Compromise: Served as breach response counsel for client regarding unauthorized access to client’s website involving the inadvertent disclosure of customers’ personally identifiable information, including credit card/payment information.
  • Insider Wrongdoing: Served as breach response counsel for client regarding inadvertent disclosure of customers’ banking information requiring notification and regulatory evaluation under the Gramm-Leach-Bliley Act.
  • Social Engineering: Served as breach response counsel to a provider of MRO whose employee replied to all on a phishing email purporting to be from the CEO, sending the company’s W-2s for all U.S.-based employees for the past two years.
  • Insider Wrongdoing: Served as breach response counsel for client related to insider wrongdoing involving the theft of employee personnel files containing personally identifiable information, including Social Security numbers, bank account numbers/PINs and protected health information.
  • Business Email Compromise: Represented professional clients in external system breaches involving phishing emails wherein funds were fraudulently wired.
  • Theft of School Files: Represented school district regarding theft of student IEPs from employee’s vehicle, and advised them regarding notification and privacy implications under FERPA.
  • Technical Support Compromise: Served as breach response counsel to accounting firm involving a “Microsoft Premium Technical Support” compromising the tax returns of its clients.
  • Social Engineering/Ransomware: Served as breach response counsel to a school district infected with malware indicative of two banking Trojans, Emotet and Trickbot, wherein the credentials of employees who entered them into a financial institution website or other similar website were compromised. The infection was followed by a ransomware attack.
  • Ransomware: Served as breach response counsel to a law firm that was the victim of a ransomware attack (Ryuk), and worked with forensics and a bitcoin broker to pay the ransom, obtain the decryption key for the return of data, and restore.
  • Social Engineering: Represented law firm wherein a third party gained unauthorized access to email account, and advised regarding obligations under applicable state statute and requirements as bankruptcy trustee.
  • Social Engineering: Served as breach response counsel to accounting firm involving a third party gaining unauthorized access to email account and firm’s portal storing confidential client information.
  • HIPAA: Represented physical therapist facility related to former employees downloading client email list prior to departure to advise on applicable state statute and HIPAA requirements.
  • HIPAA: Represented third-party organization that uses data analytics to promote patient safety and quality healthcare to advise them on potential HIPAA violation associated with information provided from a covered entity.
  • Social Engineering: Represented service provider to insurance carriers in connection with processing premium payments under their Pay-As-You-Go workers compensation policy involved in a phishing attack, which resulted in unauthorized access to information contained within an employee’s email account. Data mining services were deployed.
