Andrew S. Pak
Data Solutions, Cyber and Privacy Counsel, New York
“I provide practical advice and guidance on business strategy, legal and compliance issues related to data governance, cybersecurity, privacy, investigations, and litigation.”
Andrew S. Pak—a former federal prosecutor and in-house counsel for a large financial institution—counsels clients on cybersecurity, data protection, risks, compliance, and internal investigations, as well as litigation matters requiring deep technical expertise.
Andrew has dealt with issues relating to cybersecurity and privacy as an investigator, prosecutor, litigator, and in-house attorney. He has spent countless hours debriefing and engaging in discussions with both charged and uncharged malicious hackers, “white hat” hackers, and cybersecurity professionals. Andrew is also a Certified Information Systems Security Professional.
Andrew’s in-house experience includes providing legal counsel and guidance to a Fortune 500 financial institution on everything from data risks, cybersecurity and privacy, to internal investigations and regulatory matters across the global enterprise. He also has advised the company on strategic initiatives relating to cybersecurity and privacy incident planning and response, conducted internal cybersecurity risk assessments, and advised on the build-out of the company’s market-leading Identity Theft Prevention Program in compliance with the Red Flags Rule.
With the benefit of having worked on cybersecurity- and data-related issues as a litigator, and providing practical advice as an in-house attorney, Andrew brings both deep knowledge and practical experience to bear when advising clients on any cybersecurity and privacy issue at virtually any stage of its lifecycle.
As an Assistant U.S. Attorney (“AUSA”) and Cybercrime Coordinator for the United States Attorney’s Office for the District of New Jersey, Andrew prosecuted groundbreaking matters including:
- The largest computer hacking and securities fraud scheme ever charged, US v. Ivan Turchynov et al. and US v. Iermolovych, where a team of hackers stole press releases from major newswire companies, prior to their public distribution, which they then sold to securities traders who used the stolen information to generate millions in illegal trading profits.
- The largest credit card hacking case charged to date, US v. Vladimir Drinkman et al., relating to hacks into 7-Eleven, JC Penney, Heartland Payment Systems, Hannaford Brothers, Visa, Jet Blue, and others.
- Jury conviction against Christopher Rad in US v. Christopher Rad, for organizing an international stock manipulation scam that used botnets to send misleading spam emails in violation of the U.S. CAN-SPAM Act.
As a Senior Trial Counsel at the U.S. Department of Justice’s (“DOJ”) Computer Crime and Intellectual Property Section (“CCIPS”) in Washington, D.C., Andrew:
- Architected the DOJ’s national litigation strategy in response to a Second Circuit decision which held that email search warrants could not reach data held by email providers on foreign servers.
- Conducted and coordinated a string of successful litigations in various federal districts on behalf of the DOJ against major email providers such as Google and Yahoo!, relating to the Second Circuit’s decision.
Prior to working in-house, Andrew was a federal prosecutor for 8 years at the U.S. Department of Justice (“DOJ”), specializing in cybercrime and economic fraud. From 2011 through 2016, he was an Assistant U.S. Attorney (“AUSA”) and the Cybercrime Coordinator for the United States Attorney’s Office for the District of New Jersey, where he prosecuted malicious hacking cases and fraud-related matters. From 2016 to 2018, he served as Senior Trial Counsel at the DOJ’s Computer Crime and Intellectual Property Section (“CCIPS”) in Washington D.C., where he continued to prosecute cybercrime matters of national significance, coordinated national DOJ litigation strategy relating to email search warrants, and worked on policy and legislative matters.
He maintains a Certified Information Systems Security Professional (“CISSP”) certification, an independent information security certification granted by the International Information System Security Certification Consortium, also known as (ISC)². This certification is typically held by cybersecurity professionals tasked with designing, implementing, or managing a cybersecurity program.
Andrew is the recipient of numerous awards, including two Prosecutor of the Year awards from the Federal Law Enforcement Foundation and numerous letters of recognition from the Directors of the United States Secret Service and the Federal Bureau of Investigation.
Andrew’s prior experience includes:
- Prudential Financial, Vice President and Corporate Counsel, Cybersecurity and Privacy
- U.S. Department of Justice, Senior Trial Counsel, Computer Crime & Intellectual Property Section
- U.S. Department of Justice, Assistant U.S. Attorney and Cybercrime Coordinator, U.S. Attorney’s Office for the District of New Jersey
- Friedman Kaplan Seiler & Adelman LLP, Associate
- Debevoise & Plimpton LLP, Associate
Education and qualifications
He is a Certified Information Systems Security Professional (CISSP).