Photo of Rahul Mukhi

Rahul Mukhi’s practice focuses on criminal, securities, and other enforcement and regulatory matters as well as on complex commercial litigation.

Last week, the Second Circuit affirmed the dismissal for lack of Article III standing a proposed class action against a health services provider that mistakenly disclosed personally identifiable information (“PII”).  In its opinion, the Second Circuit held that plaintiffs may establish Article III standing based on an increased risk of identity theft or fraud following an unauthorized disclosure of their data, but that the standard was not met based on the facts presented.  The decision, which is the first time the Second Circuit has explicitly adopted this standard, has potentially important implications going forward for data breach cases.

Continue Reading Second Circuit Articulates Injury Standard in Data Breach Suits

As discussed in our prior blog post, earlier this year the Supreme Court vacated and remanded the Second Circuit’s decision in a high-profile insider trading case, United States v. Blaszczak,[1] for reconsideration in light of the Supreme Court’s “Bridgegate” decision in Kelly v. United States.[2]  In Blaszczak, the Second Circuit had previously found that a government agency’s confidential pre-decisional information constituted “property” under Title 18, and that therefore the Blaszczak defendants had committed fraud under the applicable statutes when they obtained the information and traded on it.[3]  However, following that decision, the Supreme Court held in Kelly that a government regulatory interest did not constitute “property” for the purpose of Title 18 fraud statutes.[4]  The Blaszczak defendants filed a petition for certiorari, contending that the Second Circuit’s reading of Title 18 could not be reconciled with the Supreme Court’s holding.[5]  After the Blaszczak defendants filed their petition, the government consented to a remand to the Second Circuit.
Continue Reading DOJ Concedes Error In Title 18 Insider Trading Convictions After Supreme Court’s “Bridgegate” Decision

Last week, John Coates, the Acting Director of the SEC’s Division of Corporation Finance (“Corp Fin”), released a statement discussing liability risks in de-SPAC transactions.

The statement focused in particular on the concern that companies may be providing overly optimistic projections in their de-SPAC disclosures, in part based on the assumption that such disclosures are protected by a statutory safe harbor for forward-looking statements (which is not available for traditional IPOs).  Director Coates’s statement questions whether that assumption is correct, arguing that de-SPAC transactions may be considered IPOs for the purposes of the statute (and thus fall outside the protection offered by the statutory safe harbor).  He therefore encourages SPACs to exercise caution in disclosing projections, including by not withholding unfavorable projections while disclosing more favorable projections.
Continue Reading Acting Director of SEC’s Corp Fin Issues Statement on Disclosure Risks Arising from De-SPAC Transactions

In a decision with potentially far-reaching implications, Alasaad v. Mayorkas, Nos. 20-1077, 20-1081, 2021 WL 521570 (1st Cir. Feb. 9, 2021), the First Circuit recently rejected First and Fourth Amendment challenges to the U.S. government agency policies governing border searches of electronic devices. These policies permit so-called “basic” manual searches of electronic devices without any articulable suspicion, requiring reasonable suspicion only when officers perform “advanced” searches that use external equipment to review, copy, or analyze a device.  The First Circuit held that even these “advanced” searches require neither probable cause nor a warrant, and it split with the Ninth Circuit in holding that searches need not be limited to searches for contraband, but may also be used to search for evidence of contraband or evidence of other illegal activity. This decision implicates several takeaways for company executives entering and leaving the United States, particularly if they or their employers are under active investigation.  In-house counsel in particular should consider the implications of the decision given obligations of lawyers to protect the confidentiality of attorney-client privileged information.

Continue Reading First Circuit Upholds Border Searches of Electronic Devices Without Probable Cause

Last month, in Guo Wengui v. Clark Hill, PLC, the United States District Court for the District of Columbia granted Plaintiff’s motion to compel production of Defendant’s third-party forensic investigation report following a cybersecurity incident.[1]  The court held that the forensic report was not covered by the attorney-client privilege or the work product doctrine, providing a cautionary tale for companies conducting post-breach investigations.
Continue Reading D.C. District Court Rejects Privilege Claim for Post-Data Breach Forensic Report

Corporate investigations under the Biden Administration’s Department of Justice (“DOJ”) are expected to increase in the coming months.  Navigating such investigations can be complex, distracting, and costly, and comes with the risk of prosecution and significant collateral consequences for the company.  Recently, Cleary Gottlieb partners and former DOJ prosecutors, Lev Dassin, Jonathan Kolodner, and Rahul

Earlier this month, the Supreme Court vacated and remanded a high-profile insider trading case, United States v. Blaszczak, to the Second Circuit “for further consideration in light of Kelly v. United States.”[1]  Kelly is more commonly known as the “Bridgegate” decision, in which the Supreme Court restricted the application of federal fraud statutes to schemes seeking to obtain property, to the exclusion of schemes primarily targeting regulatory actions by government officials.  In light of the remand, the Second Circuit will now reconsider its endorsement in Blaszczak of liability under Title 18 for a scheme targeting “political intelligence.”
Continue Reading Second Circuit to Reconsider the Scope of Insider Trading Prosecutions Under Federal Fraud Statutes After Supreme Court’s Bridgegate Decision

On October 1, 2020, the SDNY District Court issued an important ruling in U.S. v. Halkbank, holding that foreign state-owned entities (“SOEs”) can be subject to criminal jurisdiction in the United States.

The Court denied the defendant Turkish state-owned bank’s motion to dismiss an indictment charging it with conspiracy, bank fraud, and money laundering

On August 20, 2020, the Department of Justice (“DOJ”) announced that it had charged Joseph Sullivan, the former Chief Security Officer (“CSO”) of Uber Technologies Inc. (“Uber”), with obstruction of justice and misprision of a felony for allegedly attempting to cover up Uber’s 2016 data incident during the course of an investigation by the Federal Trade Commission (“FTC”).
Continue Reading DOJ Charges Former Uber Executive for Alleged Role in Attempted Cover-Up of 2016 Data Breach

In a landmark enforcement action related to a bank data breach, the Office of the Comptroller of the Currency (“OCC”) assessed an $80 million civil monetary penalty and entered into a cease and desist order with the bank subsidiaries of Capital One on August 6, 2020.  The actions follow a 2019 cyber-attack against Capital One.  The Federal Reserve Board also entered into a cease and desist order with the banks’ parent holding company.  The OCC actions represent the first imposition of a significant penalty against a bank in connection with a data breach or an alleged failure to comply with the OCC’s guidelines relating to information security.
Continue Reading OCC Imposes $80 Million Penalty in Connection with Bank Data Breach