Seth P. Berman leads Nutter’s Privacy and Data Security practice group and is a member of the firm’s White Collar Defense practice group. Corporations and their boards engage Seth to address the legal, technical and strategic aspects of data privacy and cybersecurity risk, and to prepare for and respond to data breaches, hacking and other cyber attacks. Seth also represents clients in white collar criminal matters, and has particular expertise in conducting cross-border internal investigations and in the data privacy implications of such matters.
Prior to joining Nutter, Seth led the Boston, New York, and Washington offices of a leading cybersecurity and digital forensics investigations consulting firm. He also spent six years in London as the head of the consulting firm’s international practice, where he regularly assisted clients with international criminal and digital forensic investigations. Earlier in his career, Seth was an Assistant United States Attorney in the District of Massachusetts, where he investigated and prosecuted economic crimes and was one of the leading computer crimes prosecutors in Massachusetts. While at the U.S. Attorney’s office, he served as a member of the New England Electronic Crimes Task Force, and successfully prosecuted computer intrusions, denial of service attacks (DDoS), computer and internet fraud, identity theft, and other abuses involving the theft of data and improper use of computer networks. Notably, he prosecuted a ring of hackers who gained access to hundreds of thousands of individuals’ Social Security numbers and other personal data by accessing the database of an online information services company. Seth also served as an Assistant District Attorney in the New York County District Attorney’s Office and was a member of the New York Electronic Crimes Task Force, and was a partner at an international law firm specializing in white collar criminal defense and civil litigation. Seth obtained his bachelor’s degree from Princeton University and earned his J.D. from Cornell Law School, where he served as an editor of the Cornell Law Review.
Seth is a recognized thought leader in cybersecurity and criminal law. He has appeared on the BBC and SkyNews commenting on cybersecurity issues, and has written extensively on the subject. Seth teaches a Cyber Crime Law class at Harvard Law School.
Notable Experience and Client Impact
- Led investigation for international pharmaceutical company that discovered key intellectual property had been stolen and was offered for sale. Investigation ultimately disproved the company’s initial theory that an insider had stolen the data and demonstrated that their systems had been penetrated by a state-sponsored hacker.
- Led investigation for health care provider whose email system was breached in a major phishing attack. Worked with the company to understand what data had been exfiltrated, ultimately finding that no Personal Identifying Information (PII) or Protected Health Information (PHI) had been accessed or exfiltrated by the hackers.
- Worked with a company to determine the source of a theft of intellectual property, ultimately building a case against several former employees who had left the company to start a competitor.
- Advised several companies addressing major data breach of customer data, including reportable Personal Identifying Information (PII) and Protected Health Information (PHI), and assisted in determining what data was reportable in each relevant jurisdiction.
- Advised audit committee of insurance company seeking to test the company’s preparedness for a cyber attack, including conducting extensive physical and network penetration testing, and drafted report detailing suggested improvements to their security.
- Worked with the legal and IT teams of a major retailer to test their information security readiness plan and drafted a report detailing potential enhancements.
- Advised international financial institution accused of assisting tax fraud and money laundering in Switzerland in navigating the conflicting demands of U.S. criminal law subpoenas and Swiss data protection and bank privacy regulations.
- Organized electronic discovery project for massive international litigation involving an international bank accused of conspiring to manipulate interest rates, potentially violating criminal and securities laws in dozens of counties.