Thomas I. Moran is a Partner practicing in Mullen Coughlin’s Incident Response practice group. As legal counsel for victims of data privacy and security incidents, he primarily manages the full lifecycle of the response, investigation and legal analysis into incidents such as a ransomware attacks, fraudulent payments/wire fraud, business email compromises (BECs), inadvertent disclosures and other network intrusions. While generally industry-agnostic, Tom has significant experience counseling organizations from the financial services; manufacturing and distribution; retail/e-commerce; and education industry groups.

Tom works closely with his victim organizations; cyber insurers and brokers; law enforcement; state, federal and industry regulators; and other third-party stakeholders, such as digital forensic investigation firms, to guide his clients through the incident response process. With an understanding and appreciation of the prevailing data privacy statute and regulation landscape, he diligently identifies and analyzes relevant data privacy and information security laws and regulations to ensure that his clients understand, and if necessary, effectuate, individual, contractual and/or regulatory/law enforcement reporting and notification requirements stemming from the incident.

Tom also supplements his incident response practice with providing Advisory Compliance services and solutions, such as, but not limited to, executing Cyber Incident Response Tabletop Exercises, developing and preparing Incident Response Plans (IRPs) and assisting with compliance with a variety of industry-specific data privacy and information security compliance.

Prior to joining Mullen Coughlin, Tom was an Associate at an AmLaw 100 law firm, practicing in their Digital Assets and Data Management and Digital Risk Advisory and Compliance service areas.

Tom is a member of the International Association of Privacy Professionals (IAPP) and also holds U.S. Certified Information Privacy Professional (CIPP/US) certification.

Outside of his practice, Tom is a 5^th grade basketball coach and also a member of the “Young Professionals Board” for the American Cancer Society.

REPRESENTATIVE MATTERS

• Represented a publicly-traded, international manufacturer and retailer in response to a network intrusion incident, including individual notification, reporting to the U.S. Securities Exchange Commission (SEC) and responding to subsequent regulatory inquiries
• Represented multiple organizations in the response and investigation into ransomware incidents, including, among others, an AmLaw 200 law firm; an international hospitality group; an international men’s cosmetic brand; a national telecom company; and an international restaurant chain
• Represented a state’s Department of Labor (DOL) following the inadvertent disclosure of personal information
• Regularly represents financial institutions in analyzing legal obligations arising from BEC, inadvertent disclosure and ransomware incidents

SPEAKING ENGAGEMENTS & PRESENTATIONS

• “The National Cyber Strategy and Your Cybersecurity Program,” CSU College of Law’s 2023 Cybersecurity & Privacy Protection Conference, Cleveland, OH, April 20, 2023
• “Confronting Cyber Threats: Cyber Security from the FBI’s Perspective,” CMBA’s 44th Annual Real Estate Law Institute, Cleveland, OH, November 4, 2022
• “Role of a Breach Coach,” Zywave’s 2020 Cyber Risk Insights Conference, Virtual, October 20, 2020