• vcard
312.463.6212
  • Education
    • J.D., Northwestern University School of Law, 2003
    • B.S., University of Michigan, 2000
  • Court Admissions
    • United States Court of Appeals for the Federal Circuit, 2005
    • U.S. Court of Appeals, Fifth Circuit, 2009
    • U.S. Court of Appeals, Sixth Circuit, 2008
    • U.S. Court of Appeals, Seventh Circuit, 2008
    • U.S. District Court, Northern District of Illinois, 2003
Michael Waters is an experienced litigator and Co-Chair of the firm’s Privacy & Cybersecurity practice group. He handled one of the first data breach matters shortly after California passed its breach notification law in 2003 and has become one of the country’s leading data breach attorneys. He has counseled thousands of clients across industries through nearly every conceivable type of breach, from system-wide network intrusions and ransomware attacks to situations involving cyber extortion, stolen laptops and computer hardware, ATM skimmers, email compromises, wire fraud and employee wrongdoing.

Michael has represented hundreds of companies in investigations opened by enforcement agencies post-breach, including investigations by State Attorneys General, the U.S. Department of Health and Human Services Office for Civil Rights, the Federal Trade Commission, and state and federal financial, insurance and education enforcement agencies.

He also assists clients in managing the privacy risks associated with maintaining and transferring information. This includes counseling clients on statutory and contractual data protection requirements, drafting privacy related policies and procedures, GDPR counseling, CCPA and other state privacy law compliance, and providing board counseling and employee training.
  • Served as breach response counsel in connection with hundreds of ransomware and cyber-extortion matters 
  • Served as breach response and litigation counsel for financial institution that lost backup tapes containing account information of approximately two million customers
  • Served as breach response counsel for financial institution who was subjected to cyber-extortion following the hacking and compromise of the personal and financial data of all customers
  • Served as breach response and regulatory counsel for health care provider in one of the largest healthcare breaches of 2017
  • Served as breach response counsel for health care system that experienced a malware attack potentially impacting approximately four million customers and 40,000 employees
  • Served as breach response counsel for public school system in ransomware and cyber-extortion incident
  • Served as breach response counsel to university following brute-force password attack resulting in the compromise of the personal information of over 60,000 students, alumni and employees residing in more than forty states and multiple foreign countries
  • Served as breach response counsel for e-commerce hosting services provider that sustained a malware attack impacting hundreds of third-party companies that used client’s hosting services, as well as thousands of those companies’ customers.
  • Served as breach response counsel for health care system in connection with potential exposure of radiological records of approximately 400,000 patients
  • Served as breach response counsel and law enforcement liason for a national restaurant chain in connection with possible insider theft of payroll records
  • Served as breach response and regulatory counsel for health care system in breach involving the unauthorized acquisition of patient records by a former system physician
  • Served as breach response counsel for health care provider investigating whether patient information as stolen as part of an identity theft ring focused on illegally acquiring prescription medications
  • Served as breach response and regulatory counsel for Medicare Advantage and Medicare Supplement plan provider in connection with incident impacting approximately 28,000 plan participants residing in more than forty states
  • Counsel hundreds of clients in connection with Office365 and other email compromises
  • Counseled numerous entities in situations involving wire fraud and other types of cyber fraud    
  • Served as lead trial counsel for fitness company in a patent and trademark infringement trial that resulted in a $6.8 million jury verdict in favor of client
  • Served as lead trial counsel for aircraft finance company that resulted in a multi-million dollar judgment in favor of client