BREACH HOTLINE
U.S. 844-885-1574
UK +44 8085 020579

Professionals

Kevin W. Yoegel

Partner
426 W. Lancaster Avenue, Suite 200
Devon, PA 19333

Office: (267) 930-4803

Education

Temple University Beasley School of Law
Juris Doctor, magna cum laude

Villanova University College of Engineering
Master of Science, Cybersecurity

University of Massachusetts – Lowell
Bachelor of Science, Information Technology, magna cum laude

Admission

  • Pennsylvania
  • New Jersey
  • U.S. District Court for the District of New Jersey
  • U.S. District Court for the Eastern District of Pennsylvania
  • U.S. Patent & Trademark Office

Practice Areas

Professional Memberships

  • International Association of Privacy Professionals (IAPP)
  • International Information System Security Certification Consortium (ISC2)

Certifications/Licenses

  • Certificate of Cloud Security Knowledge (CCSK)
  • Certified Information Privacy Technologist (CIPT)
  • Certified Information Systems Security Professional (CISSP)
  • CompTIA Cloud Essentials+
  • Designing and Building AI Solutions
  • Fellow of Information Privacy (FIP)
  • U.S. Certified Information Privacy Professional (CIPP/US)

Kevin W. Yoegel is a Partner in Mullen Coughlin’s Incident Response practice group. An experienced cybersecurity attorney, Kevin assists clients with proactive data privacy and security, as well as incident response management and remediation.

Kevin has counseled hundreds of organizations across virtually all industry group sectors through a wide variety of data privacy and security incidents including ransomware and data extortion, business email compromises (BECs), account takeovers, distributed denial-of-service (DDoS) attacks, third-party compromises, inadvertent disclosures and insider threats.

As Breach Counsel, Kevin oversees the various incident response stakeholders throughout the lifecycle of the investigation, including interacting with cyber insurance carriers and brokers, coordinating investigatory forensics, crisis management, reporting to law enforcement and applicable regulatory authorities and effectuating legally-compliant notifications where required. He regularly advises clients on compliance with the various laws, regulations and industry standards that underpin data protection and information security, including:

  • U.S. federal laws, such as the Health Insurance Portability and Accountability Act (HIPAA), the Family Educational Rights and Privacy Act (FERPA), the Telecommunications Act and the Gramm-Leach-Bliley Act (GLBA), among others;
  • U.S. state data privacy and information security laws;
  • International laws such as the European Union’s General Data Protection Regulation (GPDR) and Cyber Resilience Act (CRA); and
  • Industry-specific rules and guidance including the Payment Card Industry Data Security Standard (PCI-DSS) and the U.S. Securities and Exchange Commission’s (SEC) Cyber Incident Disclosure Rules.

Kevin also counsels organizations through any regulatory investigations or actions arising from an incident, including actions by state attorneys general (AGs); state insurance, health and financial services departments; the U.S. Department of Health and Human Services’ Office for Civil Rights (HHS-OCR); the Federal Trade Commission (FTC); and the SEC.

With a passion for data privacy and information security, Kevin also assists and counsels organizations with various Advisory Compliance services. Working closely with organizational internal stakeholders, he assists with developing Incident Response Plans (IRPs); data privacy and information security policies; data governance strategies; vendor management programs; written information security programs; and other data privacy, information security and information technology guidelines, procedures and policies. Kevin also supports clients by drafting and negotiating commercial technology agreements, including SaaS agreements; terms of service and other professional services agreements; service level agreements; and vendor agreements.

Immediately prior to joining Mullen Coughlin, Kevin was Senior Legal Counsel for Data Usage and Cloud Delivery at a global software company. There, he drove a variety of strategic projects related to cybersecurity, data governance, cloud operations and artificial intelligence. Prior to that, Kevin was a Partner at a national law firm in their Data Privacy & Cybersecurity practice group where he focused his practice on assisting organizations in preparing for, and responding to, data privacy and security incidents.

In addition to his J.D., Kevin holds a master’s degree in cybersecurity, a bachelor’s degree in information technology and numerous technical certifications in security and privacy such as the Certified Information Systems Security Professional (CISSP) from the International Information System Security Certification Consortium (ISC2) and the International Association of Privacy Professional’s (IAPP) Certified Information Privacy Technologist (CIPT) and U.S. Certified Information Privacy Professional (CIPP/US) credentials.

SPEAKING ENGAGEMENTS & PRESENTATIONS

  • “The Business Computing Environment,” ABA’s 2025 Fidelity Law Fall Conference, Chicago, IL, October 9, 2025
  • “Computer Security Technology – Modern Trends and Tools to Defend Against Cyber Crime,” ABA’s 2025 Fidelity Law Fall Conference, Chicago, IL, October 9, 2025
  • “Trends in Cyber-Crime and Fraud,” Bank Holding Company Association (BHCA) 2025 Fall Seminar, Edina, MN, October 7, 2025
  • “Marine Cyber Liability: How Has the Risk Changed?,” Board of Marine Underwriters of San Francisco (BMUSF) 23rd Biennial Marine Seminar, San Francisco, CA, April 21, 2022
  • “Emerging Cyber Threats: Trucking and Logistics,” Trucking Industry Defense Association (TIDA) Annual Seminar, Philadelphia, PA, October 15, 2021
  • “Safeguarding Confidential Data: The Ethics of Cybersecurity,” Lawline CLE, Virtual, August 31, 2021
  • “Technology and the Legal Practitioner – Ethical Concerns & Best Practices” UIA International Association of Lawyers’ Midyear Meeting, Virtual, June 6, 2021
  • “How to Partner with Cyber Insurance Companies Before, During, and After an Event,” Philadelphia Technology Leadership Summit, Philadelphia, September 15, 2020

PUBLICATIONS

  • “The Aereo Loophole: A Retrospective Inquiry into the Legality of Antenna Farms and Internet-Based Television,” Temple Law Review, March 2015