Photo of Kamran Salour

Kamran dedicates his practice to helping clients reduce the likelihood of experiencing a data security incident and minimizing the impact in case of a potential occurrence.

In this episode of Unauthorized Access, Kamran and Sadia welcome their firm colleague, Privacy + Cyber Partner and Team Leader Ron Raether, in a discussion on consumer breach notices — specifically from Ron’s perspective as a litigator — and how plaintiff’s counsel can interpret these notices.

For more than 20 years, Ron has advised

Can cyber investigations be canned? Find out what Sadia, Kamran, and this month’s guest, Shawn Tuma of Spencer Fane, have to say. The gloves come off as these three breach coaches duke it out for the final word on this topic. Just kidding, we cordially discuss our thoughts and opinions on the subject and discover

Your business was hit with a ransomware attack over the weekend, and the critical systems are locked up (i.e., encrypted). To unlock those valuable systems and continue operating the business, the threat actor demands financial payment. After much debate, you and your team decide the business needs to meet the threat actor’s demands

In this episode of Unauthorized Access, Kamran and Sadia welcome Tony Kirtley of Secureworks. Tony discusses the emotional response to a ransomware attack, particularly how the emotional response mirrors the Kübler-Ross five stages of grief. Tony also shares how the sooner organizations reach the fifth stage of “acceptance” — the sooner they can make

Immediately following a three-day stint at the Summer 2022 Net Diligence conference in Philadelphia, Kamran and Sadia welcome Kroll’s Keith Wojcieszek to the Unauthorized Access podcast. In this episode, the trio discuss common misconceptions about dark web monitoring and instances where dark web monitoring can be quite important.

Don’t forget to tune in to win this month’s prize — Troutman Pepper’s “privacy + cyber” hacker hoodie.

Unauthorized Access provides an insightful and interesting recap of the latest developments in cybersecurity. Each month our (mildly funny) hosts, Kamran Salour and Sadia Mirza, will discuss updates on legal developments and industry trends, and share real incident response stories and lessons learned. Kamran and Sadia will also talk with industry experts (e.g., individuals from forensics, insurance, law enforcement, and information security) about the current cyber landscape and where it is headed. The goal for this podcast is to keep you educated and entertained about all things cybersecurity.

If you have a fever for IR – the prescription is Unauthorized Access.

On March 15, Congress passed the Cyber Incident Reporting for Critical Infrastructure Act (Act). Many outlets reporting on the Act focused on its 72-hour breach notification requirement. But such reports created uncertainty over the Act’s application and requirements, as well as the steps an organization should take in response to the Act.

To help resolve

On April 5, the Securities and Exchange Commission (SEC) announced that two employees improperly accessed adjudicatory materials for cases being litigated in the agency’s in-house court system. The access occurred in 2017, and the SEC stated the breach “did not impact the actions taken by the staff investigating and prosecuting the cases or the commission’s

On February 3, a New York magistrate judge recommended dismissing a class action against medical management company, Professional Business System d/b/a Practicefirst Medical Management Solutions in Tassmer v. Professional Business Systems. Judge Michael J. Roemer recommended dismissal because plaintiffs’ allegations failed to constitute an injury under the Supreme Court’s ruling in TransUnion v. Ramirez