Ride the Lightning

Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.

Law Firm Proskauer Sues Ex-COO for Data Theft

January 18, 2023

I am late catching up with this one. Blame the holidays.

Reuters reported on December 28 that law firm Proskauer Rose sued its former chief operating officer on December 27, alleging he stole a cache of confidential information about the firm’s finances, lawyer compensation and clients before leaving his employment.

The lawsuit, filed in Manhattan federal court, claims Jonathan O’Brien deceived Proskauer staff members into allowing him to copy sensitive internal documents to USB files and then wrongfully deleted thousands of emails before giving notice that he was leaving.

“Mr. O’Brien knew this information would be highly useful to Proskauer’s competitors, as it would enable them to effectively target and recruit Proskauer’s partners, practice groups, and clients,” the lawsuit said. The firm asked the court to block O’Brien from misusing its data and is seeking unspecified damages.

Proskauer said it does not know where O’Brien plans to work, but the complaint claims he told a fellow employee that the firm would be “very angry” when it learned about his new employer.

O’Brien joined the firm in 2015 as chief financial officer and became chief operating officer in 2017. A Proskauer spokeswoman did not immediately respond to requests for further comment.

According to the complaint, O’Brien in November created a list of documents to steal, including each partner’s client list, financial compensation and performance; software the firm developed to create proprietary reports; and confidential strategies for lateral partner recruiting. He then allegedly tricked a technology employee into letting him copy the data, saying it was requested by an outside consultant.

O’Brien copied the confidential files onto a USB drive, and on December 16, the day his annual bonus posted, he “deleted every file on his personal network drive to try and cover up his theft,” according to the complaint.

He informed the firm on December 20 that he was quitting effective January 6. Proskauer’s executive committee voted to fire him upon filing its lawsuit, the complaint said.

We’ve said it hundreds of times – beware the dangers of insiders. Cybersecurity training might have been useful here – it is helpful to point out that any action by an employee that might constitute a security issue should be reported, no matter how high the employee’s position. I genuinely feel badly for the IT employee who got tricked – for sure, he should have been trained to report the request to copy all these files to someone above the rank of COO (at that level, the managing partner(s) is appropriate) to ensure that copying these files was approved.

What a mess. To be continued . . .

Sharon D. Nelson, Esq., PresidentSensei Enterprises, Inc.
3975 University Drive, Suite 225Fairfax, VA 22030
Email:   Phone: 703-359-0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com
https://twitter.com/sharonnelsonesq
https://www.linkedin.com/in/sharondnelson
https://amazon.com/author/sharonnelson