Kamal Ghali - Cyber & Digital Litigation Experience

Return to full bio

Kamal Ghali is a former U.S. Department of Justice cybercrime prosecutor, and he leads the firm’s Cyber & Digital Litigation practice. He represents companies and individuals victimized by cyber attacks, data breaches, trade secret theft, and cryptocurrency fraud. 

He is a frequent lecturer on data security and cybercrime, a member of the Sedona Conference’s drafting committee on "Model Data Breach Notification Principles," and the former Deputy Chief of the Cyber and Intellectual Property Crime Section of the U.S. Attorney’s Office in Atlanta.

He returned to Bondurant after serving as a federal prosecutor in the U.S. Department of Justice for over six years, as an Assistant United States Attorney (AUSA) in Atlanta and the lead Computer Hacking and Intellectual Property Crime ("CHIP") Prosecutor. In that role, he was the law enforcement point of contact for all cyber events impacting the Northern District of Georgia. He worked with the FBI and U.S. Secret Service to investigate high-profile cyber matters, including state-sponsored cyber intrusions, cases involving over 100 data breaches, the City of Atlanta ransomware attack, and prolific Russian hackers. He is also the recipient of a DOJ Director’s Award from Deputy Attorney General Rod Rosenstein for superior performance in co-prosecuting the promoters and developers of SpyEye, a pernicious malware that inflicted nearly a billion dollars in losses around the world.

His cyber security investigation experience includes business email compromises, proprietary data thefts, attacks on energy companies and defense contractors, trade secret theft, attacks in the payment processing environment, dark web forum investigations, ransomware attacks, extortion, voting database intrusions, digital currency frauds, criminal copyright matters, and prosecuting numerous international targets including from Russia, Ukraine, Iran, Estonia, the Czech Republic, Algeria, Moldova, Nigeria, and the UK. He has substantial experience litigating data theft issues, privacy violations, and other data security matters.

REPRESENTATIVE CYBER AND DATA SECURITY LITIGATION EXPERIENCE

Represented a major data services company in obtaining a temporary restraining order and injunction in federal court against a contractor in possession of sensitive customer information;

Represented a major media company in a ransomware attack that threatened to disrupt broadcasting and advised on the immediate data security incident and potential litigation;

Represented a major data services company in successfully dismissing a complaint filed in California federal court alleging violations of the California Unfair Competition Law, the Gramm-Leach Billey Act, the California Insurance Information and Privacy Act, and other privacy regulations;

Represented a major data services company in a software litigation dispute involving RICO, breach of contract, and fraud claims;

Represented multiple individuals victimized by cyber-extortion schemes and advised on targeted law enforcement referrals;  

As an AUSA, prosecuted multiple foreign targets who perpetrated one of the most sophisticated cyberattacks of all time, which included obtaining 44.5 million debit card numbers from a payment processing company, distributing 44 of the debit card numbers to a team of cashers deployed around the world, and cashing out over $9 million from 2100 ATMs in 250 cities around the world;

As an AUSA, prosecuted and investigated a number of Point-of-Sale terminal thefts of credit card data;

As an AUSA, prosecuted the promoters and developers of SpyEye, a pernicious malware that inflicted nearly a billion dollars in harm around the world;

As an AUSA, prosecuted cybercrimes involving data thefts from cloud-based service providers;

As an AUSA, prosecuted one of the largest international sextortion cases in DOJ history;

As an AUSA, investigated matters involving attacks on critical infrastructure, including state-sponsored attacks.

PUBLICATIONS/SPEAKING ENGAGEMENTS
Kamal Ghali to speak on Sedona Conference’s Proposed Model Data Breach Notification Law Panel  - April 21, 2020

Kamal Ghali interviewed about Chinese economic espionage and threats to educational institutions, February 14, 2020, WSB-TV  - February 21, 2020

Speaker, “Cybersecurity and Data Breach Class Actions,” Georgia ICLE Class Actions Seminar, October 4, 2019.

Dialogue Leader, The Sedona Conference Working Group 11 Midyear Meeting 2019 in Montreal on September 19 on “Model Data Breach Notification Principles.”

Co-Author, The Sedona Conference Draft Commentary on Proposed Model Data Breach Notification Law, June 2019

Co-Author (with John Floyd), How Corporate Data Breach Victims Can Use the Georgia RICO Statute to Recover their Data, Law.com, May 31, 2019

Speaker, Association of Corporate Counsel Value Challenge, "What to do when a foreign government steals your company's data," April 30, 2019.

Speaker, Lightfoot White Collar Institute, “Cybercrime and Economic Espionage: Privacy, Speech, Defense and Safety,” May 8, 2019

Speaker, Atlanta Bar Association’s 15th Annual Intellectual Property Springposium, “Data Security and Privacy for IP Owners & Firms,” April 27, 2019

Author, How Private Trade Secret Cases Collide With DOJ’s War on Criminal Trade Secret TheftLaw.com, March 19, 2019   

Author, What We Can Learn from the FBI’s Disruption of North Korea’s Botnet, Law.com, February 20, 2019

Speaker, Atlanta Bar Association Criminal Law Section, “Cybersecurity and Privacy,” Feb. 13, 2019

Moderator, Cybersecurity Summit Atlanta, “Into the Breach – What to do Before, During and After a Breach,” Feb. 13. 2019

Speaker, Healthcare Compliance Association’s Regional Atlanta Conference, “Cybersecurity & Privacy,” Feb. 13, 2019

Speaker, Advanced Health Law, Continuing Legal Education of Georgia State Bar Seminar, “Cybersecurity: Anatomy of a Healthcare Data Breach,” October 12, 2018

Closing Keynote Speaker, Cybersecurity Summit Atlanta, “Conducting Cyber Investigations,” February 2018

Speaker, Atlanta Police Department, “Electronic Evidence Overview,” August 4, 2017

Speaker, Gastroenterology Practice Management Group Conference, “Cyber Threat Trends in the Healthcare Field,” March 2017

Author, “U.S. v. Panin: Sentencing Challenges in Botnet Cases,” U.S. Department of Justice Computer Hacking and Intellectual Property Newsletter, CHIP NEWS, July 2016

Speaker, PLUS Lifecycle of a Cyber-Liability Claim Conference, Cyber Attack Trends in 2016 and Beyond,” May 2016

Speaker, Information and Cyber Governance, Data Analytics and Privacy Briefing, “View from the Government,” May 2015