Professionals

Thomas I. Moran

Partner
70 Birch Alley, Suite 240
Beavercreek, OH 45540

Office: (267) 930-2085

Education

Cleveland State University College of Law
Juris Doctor

Hiram College
Bachelor of Science, Political Science

Admission

  • Ohio
  • U.S. District Court for the Northern District of Ohio
  • U.S. District Court for the Southern District of Ohio

Practice Areas

Professional Memberships

  • International Association of Privacy Professionals (IAPP)
  • American Bar Association (ABA)
  • Cleveland Metropolitan Bar Association (CMBA)
  • CSU College of Law Cybersecurity Roundtable
  • American Cancer Society – Member, Young Professionals Board

Certifications/Licenses

  • U.S. Certified Information Privacy Professional (CIPP/US)

Thomas I. Moran is a Partner practicing in Mullen Coughlin’s Incident Response practice group. As legal counsel for victims of data privacy and security incidents, he primarily manages the full lifecycle of the response, investigation and legal analysis into incidents such as a ransomware attacks, fraudulent payments/wire fraud, business email compromises (BECs), inadvertent disclosures and other network intrusions. While generally industry-agnostic, Tom has significant experience counseling organizations from the financial services; manufacturing and distribution; retail/e-commerce; and education industry groups.

Tom works closely with his victim organizations; cyber insurers and brokers; law enforcement; state, federal and industry regulators; and other third-party stakeholders, such as digital forensic investigation firms, to guide his clients through the incident response process. With an understanding and appreciation of the prevailing data privacy statute and regulation landscape, he diligently identifies and analyzes relevant data privacy and information security laws and regulations to ensure that his clients understand, and if necessary, effectuate, individual, contractual and/or regulatory/law enforcement reporting and notification requirements stemming from the incident.

Tom also supplements his incident response practice with providing Advisory Compliance services and solutions, such as, but not limited to, executing Cyber Incident Response Tabletop Exercises, developing and preparing Incident Response Plans (IRPs) and assisting with compliance with a variety of industry-specific data privacy and information security compliance.

Prior to joining Mullen Coughlin, Tom was an Associate at an AmLaw 100 law firm, practicing in their Digital Assets and Data Management and Digital Risk Advisory and Compliance service areas.

Tom is a member of the International Association of Privacy Professionals (IAPP) and also holds U.S. Certified Information Privacy Professional (CIPP/US) certification.

Outside of his practice, Tom is a 5th grade basketball coach and also a member of the “Young Professionals Board” for the American Cancer Society.

REPRESENTATIVE MATTERS

  • Represented a publicly-traded, international manufacturer and retailer in response to a network intrusion incident, including individual notification, reporting to the U.S. Securities Exchange Commission (SEC) and responding to subsequent regulatory inquiries
  • Represented multiple organizations in the response and investigation into ransomware incidents, including, among others, an AmLaw 200 law firm; an international hospitality group; an international men’s cosmetic brand; a national telecom company; and an international restaurant chain
  • Represented a state’s Department of Labor (DOL) following the inadvertent disclosure of personal information
  • Regularly represents financial institutions in analyzing legal obligations arising from BEC, inadvertent disclosure and ransomware incidents

SPEAKING ENGAGEMENTS & PRESENTATIONS

  • “The National Cyber Strategy and Your Cybersecurity Program,” CSU College of Law’s 2023 Cybersecurity & Privacy Protection Conference, Cleveland, OH, April 20, 2023
  • “Confronting Cyber Threats: Cyber Security from the FBI’s Perspective,” CMBA’s 44th Annual Real Estate Law Institute, Cleveland, OH, November 4, 2022
  • “Role of a Breach Coach,” Zywave’s 2020 Cyber Risk Insights Conference, Virtual, October 20, 2020