Data Privacy & Cybersecurity
We represent individuals and groups who have been harmed by data breaches, privacy violations and cyberattacks.
$6T
Cybercrime costs globally were an estimated $6 trillion in 2021.
1
Robert Muggah & Mac Margolis, “Why We Need Global Rules to Crack Down on Cybercrime,” World Economic Forum (Jan. 2, 2023).
93H
Massachusetts law requires businesses to notify affected residents when their personal information is compromised in a data breach.
2
William Dixon, “Fighting Cybercrime What Happens to the Law When the Law Cannot Be Enforced?,” World Economic Forum (Feb. 19, 2019).
$4.45M
The average cost of a data breach globally reached $4.45 million in 2023.
3
Jay Chaudhry, “Why Effective Cybersecurity and Risk Management are Crucial for Business Growth,” World Economic Forum (Jan. 9, 2024).
$10.93M
Healthcare data breach costs averaged $10.93 million in 2023.
4
Kesang Tashi Ukyab & Filipe Beato, “Healthcare Pays the Highest Price of Any Sector for Cyberattacks — That’s Why Cyber Resilience is Key,” World Economic Forum (Feb. 1, 2024).
In July 2024, Meta (formerly Facebook) settled with Texas for $1.4 billion over claims it unlawfully collected biometric data without consent.
5
Ken Paxton, “Texas Secures $1.4 Billion Settlement with Meta Over Biometric Data Violations,” Texas Attorney General (July 30, 2024).
Cybercrime is one of the greatest transfers of economic wealth in history, siphoning trillions of dollars annually. This undermines both innovation and investment. As we increasingly live our lives on the internet, even the tiniest details can be exploited and weaponized against us. It’s essential to proactively safeguard against these vulnerabilities. We help address these challenges to protect your digital rights and privacy.
In cases of data breaches or cyber-attacks, we can work to seek appropriate remedies for those whose personal information was compromised, and hold companies accountable when they fail to implement reasonable security measures required.
Overview
We provide legal guidance to address evolving digital threats, including the risks posed by quantum computing, to help protect clients’ digital rights and privacy.
We represent clients affected by data breaches, helping them understand their potential legal remedies under Massachusetts law.
Data Breach Impacts
Data breaches may cause significant harm to businesses and individuals. Beyond direct financial losses, those affected may experience anxiety, stress, and other emotional impacts. These effects can have lasting consequences for those whose personal information has been compromised.
The rapidly evolving nature of technology presents ongoing challenges to data security. As new systems emerge, they can create both opportunities and vulnerabilities that may affect the security of personal information. For example, quantum computers, with their capacity to break conventional encryption, threaten to compromise communication infrastructures.
5
Simon Torkington, “Quantum Computing Could Threaten Cybersecurity Measures. Here’s Why – and How Tech Firms Are Responding,” World Economic Forum (Apr. 23, 2024).
We assist clients in claims related to ransomware attacks, helping them pursue recovery for operational disruption, data loss, and ransom payments.
Your Rights
- Class Action Participation: Massachusetts law may permit individuals to join class actions lawsuits for substantial data breaches affecting many consumers.
- Privacy Protection: The Massachusetts Privacy Act protects against "unreasonable, substantial or serious" invasions of privacy and may provide remedies when companies mishandle personal information.
- Breach of Trust: Data breaches at institutions with fiduciary duties to clients can lead to breach of fiduciary duty claims.
- Consumer Protection: Violations of consumer protection laws due to poor data security can result in legal claims against companies.
- Emotional Distress: Individuals may seek damages for severe emotional impact resulting from a data breach that leads to public embarrassment or personal hardship.
We guide clients through class actions related to large-scale data breaches, seeking compensation for the exposure of sensitive personal, financial, and medical information.
Lawyers' Role
- Data Breach Litigation: We represent victims of data breaches, working diligently to obtain compensation for identity theft, financial loss, and other related damages through individual or class action lawsuits.
- Privacy Rights Enforcement: If you've been affected by unauthorized data sharing, personal data misuse, or violations of laws like GDPR or CCPA, we can advocate on your behalf.
- Cybersecurity Incident Response: We offer strategic legal support for victims of cyberattacks. Our team assists in the aftermath of ransomware, phishing, and other cyber threats, including legal guidance and negotiating with adversaries.
- Regulatory Compliance and Advisory: Our advisory services help clients navigate and comply with the intricate web of data protection and cybersecurity regulations to prevent future legal issues.
- Technology Litigation: We handle matters in the technology sector including software licensing and service agreement disputes.
How We Can Help
Cybersecurity Incident Response
Provide legal guidance for victims of ransomware attacks, cross-border data breaches, AI-powered cyber threats, and post-quantum encryption failures. Address compliance with Massachusetts breach notification laws (MGL c. 93H), federal regulations, and international data security standards while working to minimize liability and recover damages.
Privacy Rights Enforcement
Represent individuals harmed by unauthorized data sharing or misuse by corporations, AI-driven surveillance under Massachusetts privacy laws (MGL c. 214, §1B), GDPR, the Wiretap Act (18 U.S.C. § 2511), and emerging federal privacy statutes.
Class Action Litigation for Data Breaches
Advocate for groups affected by large-scale data breaches, pursuing claims for financial losses, emotional distress, and data exposure under MGL c. 93A, consumer protection statutes, and evolving cybersecurity laws.
Negligence and Security Failures
Pursue legal action against businesses, cloud service providers, and negligent tech firms responsible for security breaches, unauthorized surveillance, and privacy violations caused by inadequate cybersecurity in cloud storage, IoT devices, smart home technology, and AI-powered infrastructure.
Employee Data Breach Claims
Represent employees harmed by workplace data breaches involving personal, healthcare, biometric, or employment-related information. Pursue claims for violating Massachusetts privacy laws, federal employment regulations, and cybersecurity compliance requirements.
Read more
Biometric Data Privacy Violations
Assist clients affected by unauthorized biometric data collection (e.g. facial recognition, fingerprints, iris scans, and AI voice analysis). Pursue claims under Massachusetts consumer protection laws, biometric privacy statutes, and federal regulations.
Algorithmic Bias and AI Misuse
Advocate for individuals harmed by discriminatory AI systems in hiring, lending, insurance, healthcare, and law enforcement. Seek remedies and push for reforms to address algorithmic bias.
Social Media and Digital Privacy Claims
Represent clients in cases involving unauthorized data mining, exposed private communications, deepfake exploitation, AI-generated defamatory content, and social media platform negligence under Chapter 93A and federal privacy laws.
Crypto, Blockchain, and DeFi Fraud
Litigate fraud or breaches involving blockchain assets, DeFi (decentralized finance) scams, stolen cryptocurrency, smart contract failures, and NFT fraud. Apply Massachusetts securities laws (MGL c. 110A), consumer protection, and privacy statutes.
Financial Fraud Recovery
Support individuals and businesses harmed by phishing, synthetic identity theft, automated investment scams, unauthorized transactions, and algorithmic trading manipulation. Seek remedies under consumer protection laws, the Electronic Fund Transfer Act (15 U.S.C. § 1693), and SEC regulations.
Cloud Computing & Healthcare Data Breaches
Represent patients and consumers impacted by healthcare data breaches, ransomware attacks, and negligent medical record security. Seek accountability under HIPAA, GDPR, and MGL c. 93A.
Defend whistleblowers reporting cybersecurity or privacy violations under federal protections (e.g., Dodd-Frank Act) and state laws (e.g., MGL c. 149, § 185). Advocate for remedies in retaliation cases and pursue financial rewards under the False Claims Act, SEC Whistleblower Program, and Massachusetts False Claims Act.
AI-Generated Deepfake & Non-Consensual Content Litigation
Represent victims of deepfake exploitation or non-consensual synthetic media. Hold platforms, AI developers, and content providers accountable under privacy laws, including MGL c. 214, § 1B, and emerging AI and biometric privacy regulations.
Quantum Risk Litigation
Pursue claims under MGL c. 93A for foreseeable breaches caused by negligent preparation for quantum threats (e.g., lack of QRE planning), potentially violating 201 CMR 17.00 or federal standards.
Metaverse and Virtual Reality Privacy Claims
Represent users harmed by data exploitation, avatar tracking, or virtual harassment on metaverse platforms, enforcing privacy rights under MGL c. 214, § 1B, and applicable emerging digital privacy laws.
Synthetic Biology and Genetic Data Violations
Assist clients affected by the unauthorized use or breaches of genetic data by biotech firms, using Massachusetts privacy laws (MGL c. 214, § 1B) and federal health data regulations, such as HIPAA.
Autonomous Systems Liability
Represent victims of data breaches or cyberattacks involving autonomous vehicles or drones, holding manufacturers and operators liable under MGL c. 93A and relevant federal standards.
Neurotechnology Privacy Violations
Advocate for individuals whose brainwave or neural data is harvested or manipulated by emerging neurotech devices without consent, using evolving privacy laws to help safeguard mental autonomy and prevent AI-driven exploitation.
Insider Data Theft & SaaS Account Takeovers
Assist organizations harmed by insider misuse, account lockouts, unauthorized password/MFA resets, and customer-list exfiltration. Seek emergency injunctions and remedies under M.G.L. c. 93A, c. 93H, the Massachusetts Trade Secrets Act, and, where appropriate, the CFAA and SCA.
Children’s Data Privacy Protection
Advocate for children’s data privacy by holding tech companies accountable when apps or platforms violate COPPA or exploit minors’ information, driving stronger protections for kids online.
Critical Infrastructure Cyber Accountability
Pursue claims against utilities and other critical infrastructure operators when cybersecurity failures in power grids, healthcare systems, or transit networks lead to public harm, encouraging improved safeguards for vital services.
Reproductive Health Data Misuse
Challenge the non-consensual sharing or sale of sensitive health and location data related to reproductive care, seeking injunctive relief and compensation when such data is used to target or harm individuals.
Data Broker & Location‑Data Sales Litigation
We pursue class and individual actions against data brokers and apps that sell or leak precise location or sensitive health data without consent, seeking injunctive relief, deletion, and compensation.
