Kamal Ghali - Cyber & Digital Litigation Experience
Kamal Ghali is a former U.S. Department of Justice cybercrime prosecutor, and he leads the firm’s Cyber & Digital Litigation practice. He represents companies and individuals victimized by cyber attacks, data breaches, trade secret theft, and cryptocurrency fraud.
He is a frequent lecturer on data security and cybercrime, a member of the Sedona Conference’s drafting committee on "Model Data Breach Notification Principles," and the former Deputy Chief of the Cyber and Intellectual Property Crime Section of the U.S. Attorney’s Office in Atlanta.
He returned to Bondurant after serving as a federal prosecutor in the U.S. Department of Justice for over six years, as an Assistant United States Attorney (AUSA) in Atlanta and the lead Computer Hacking and Intellectual Property Crime ("CHIP") Prosecutor. In that role, he was the law enforcement point of contact for all cyber events impacting the Northern District of Georgia. He worked with the FBI and U.S. Secret Service to investigate high-profile cyber matters, including state-sponsored cyber intrusions, cases involving over 100 data breaches, the City of Atlanta ransomware attack, and prolific Russian hackers. He is also the recipient of a DOJ Director’s Award from Deputy Attorney General Rod Rosenstein for superior performance in co-prosecuting the promoters and developers of SpyEye, a pernicious malware that inflicted nearly a billion dollars in losses around the world.
His cyber security investigation experience includes business email compromises, proprietary data thefts, attacks on energy companies and defense contractors, trade secret theft, attacks in the payment processing environment, dark web forum investigations, ransomware attacks, extortion, voting database intrusions, digital currency frauds, criminal copyright matters, and prosecuting numerous international targets including from Russia, Ukraine, Iran, Estonia, the Czech Republic, Algeria, Moldova, Nigeria, and the UK. He has substantial experience litigating data theft issues, privacy violations, and other data security matters.
REPRESENTATIVE CYBER AND DATA SECURITY LITIGATION EXPERIENCE
Represented a major data services company in obtaining a temporary restraining order and injunction in federal court against a contractor in possession of sensitive customer information;
Represented a major media company in a ransomware attack that threatened to disrupt broadcasting and advised on the immediate data security incident and potential litigation;
Represented a major data services company in successfully dismissing a complaint filed in California federal court alleging violations of the California Unfair Competition Law, the Gramm-Leach Billey Act, the California Insurance Information and Privacy Act, and other privacy regulations;
Represented a major data services company in a software litigation dispute involving RICO, breach of contract, and fraud claims;
Represented multiple individuals victimized by cyber-extortion schemes and advised on targeted law enforcement referrals;
As an AUSA, prosecuted multiple foreign targets who perpetrated one of the most sophisticated cyberattacks of all time, which included obtaining 44.5 million debit card numbers from a payment processing company, distributing 44 of the debit card numbers to a team of cashers deployed around the world, and cashing out over $9 million from 2100 ATMs in 250 cities around the world;
As an AUSA, prosecuted and investigated a number of Point-of-Sale terminal thefts of credit card data;
As an AUSA, prosecuted the promoters and developers of SpyEye, a pernicious malware that inflicted nearly a billion dollars in harm around the world;
As an AUSA, prosecuted cybercrimes involving data thefts from cloud-based service providers;
As an AUSA, prosecuted one of the largest international sextortion cases in DOJ history;
As an AUSA, investigated matters involving attacks on critical infrastructure, including state-sponsored attacks.
Speaker, “Cybersecurity and Data Breach Class Actions,” Georgia ICLE Class Actions Seminar, October 4, 2019.
Dialogue Leader, The Sedona Conference Working Group 11 Midyear Meeting 2019 in Montreal on September 19 on “Model Data Breach Notification Principles.”
Co-Author, The Sedona Conference Draft Commentary on Proposed Model Data Breach Notification Law, June 2019
Co-Author (with John Floyd), How Corporate Data Breach Victims Can Use the Georgia RICO Statute to Recover their Data, Law.com, May 31, 2019
Speaker, Association of Corporate Counsel Value Challenge, "What to do when a foreign government steals your company's data," April 30, 2019.
Author, How Private Trade Secret Cases Collide With DOJ’s War on Criminal Trade Secret Theft, Law.com, March 19, 2019
Author, What We Can Learn from the FBI’s Disruption of North Korea’s Botnet, Law.com, February 20, 2019
Speaker, Healthcare Compliance Association’s Regional Atlanta Conference, “Cybersecurity & Privacy,” Feb. 13, 2019
Speaker, Advanced Health Law, Continuing Legal Education of Georgia State Bar Seminar, “Cybersecurity: Anatomy of a Healthcare Data Breach,” October 12, 2018
Closing Keynote Speaker, Cybersecurity Summit Atlanta, “Conducting Cyber Investigations,” February 2018
Speaker, Atlanta Police Department, “Electronic Evidence Overview,” August 4, 2017
Speaker, Gastroenterology Practice Management Group Conference, “Cyber Threat Trends in the Healthcare Field,” March 2017
Author, “U.S. v. Panin: Sentencing Challenges in Botnet Cases,” U.S. Department of Justice Computer Hacking and Intellectual Property Newsletter, CHIP NEWS, July 2016
Speaker, PLUS Lifecycle of a Cyber-Liability Claim Conference, Cyber Attack Trends in 2016 and Beyond,” May 2016
Speaker, Information and Cyber Governance, Data Analytics and Privacy Briefing, “View from the Government,” May 2015