Mark P. Szpak


  • JD, Harvard Law School, 1984; Articles Office Co-Chair, Harvard Law Review
  • AB, magna cum laude, Harvard College, 1977; Phi Beta Kappa


  • New Hampshire, 1986
  • Massachusetts, 1985

Court Admissions

  • Supreme Court of the United States
  • U.S. Court of Appeals for the First Circuit
  • U.S. Court of Appeals for the Fifth Circuit
  • U.S. Court of Appeals for the Seventh Circuit
  • U.S. District Court for the District of Massachusetts
  • U.S. District Court for the District of New Hampshire
  • Honorable Louis F. Oberdorfer, U.S. District Court for the District of Columbia
  • International Association of Privacy Professionals
  • International Trademark Association
  • Hasty Pudding Theatricals Graduate Board (Harvard College)
  • Michael C. Rockefeller Memorial Fellowship Board (Harvard College)
  • Chenery Middle School Building Committee (Town of Belmont)
  • Various community organizations
  • Law360 “Privacy Group of the Year: Ropes & Gray” (2012-2013)
  • Financial Times “U.S. Innovative Lawyer" (2012)
  • Massachusetts Super Lawyers (2012-2015)

Mark P. Szpak


Mark is a leading member of the firm’s nationally-ranked data breach and privacy group that has assisted The Home Depot, Sony, Heartland Payment Systems, The TJX Companies, Neiman Marcus, Wyndham Hotels and others in handling the wide range of challenges that can arise when computer networks are intruded upon.  He has extensive experience in this burgeoning area, ranging from handling forensic investigations to responding to regulators to defending multidistrict class actions pending in both the US and Canada. Mark brings to that work, in addition, over 30 years of practice in complex litigation generally, representing public and private companies in a host of business and commercial disputes including consumer class actions, trademark and other intellectual property matters, securities fraud, regulatory enforcement, bankruptcy litigation, dealership disputes and transactional litigation.


  • The Home Depot. Advising and representing Home Depot in responding to card brand inquiries stemming from the data security breach that Home Depot announced in September 2014.
  • Neiman Marcus. Advising and representing Neiman Marcus in responding to card brand inquiries stemming from the data security breach that Neiman Marcus announced in January 2014.
  • Sony. Advising and representing Sony in widely-reported computer network attacks involving its PlayStation Network and Sony Online Entertainment network in April 2011, including multi-district class action litigation and related matters. 
  • Fortune 100 Insurance Company. Advising and representing this insurance company in multiple consumer class action litigations and regulatory inquiries stemming from the criminal cyber-attack on a certain portion of the company’s computer network.
  • Wyndham Hotels & Resorts. Advising and representing Wyndham in defense of card brand claims and FTC enforcement action stemming from the data security breaches suffered by certain of the Wyndham-branded hotels in 2008–2010.
  • Heartland Payment Systems. Advising and representing Heartland in handling consumer and bank class actions filed across the nation commencing in 2009 related to a widely-reported intrusion into Heartland's computer systems. 
  • The TJX Companies. Advising and representing The TJX Companies, Inc. in multidistrict class action litigation and related matters arising from its significant unauthorized computer network intrusion beginning in 2007. 
  • Carter’s Inc. Defended this brand name clothing manufacturer/retailer in a national consumer class action alleging unfair pricing in 2010. Successfully secured a dismissal from the trial court and briefed and argued the ensuing Seventh Circuit appeal that affirmed the earlier victory.
  • Gillette. Co-lead lawyer defending Gillette against a multi-district consumer class action in beginning in 2005 based on advertising claims relating to its market-leading M3Power razor. 


  • Mark Szpak, Seth Harrington and Lindsey Sullivan, “Cyberattack Risk: Not Just For Personal Data,” Boston Bar Journal (October 21, 2015)
  • Doug Meal, Mark Szpak and David Cohen,“St. Joseph Demonstrates Challenges For Breach Plaintiffs,” Law360 (February 26, 2015)
  • Quoted, "Dealing with a Data Breach," Law Technology News (Dec. 2, 2014)
  • Co-author, “Data Breach Plaintiffs, Don't Skim This Decision,” Law360 (September 17, 2013)
  • Mark P. Szpak & Daniel Routh, "Difficult Path To Certification Of Data Breach Classes," Law360 (March 29, 2013)
  • Mark P. Szpak & Anne E. Johnson, "Class Certification in the United States: The Rise of Rigor among the Federal Circuits," Class Action Defence Quarterly (June 2009)
  • Mark P. Szpak & Anne E. Johnson, "Class Action Scrutiny: Will Massachusetts Courts Follow Emerging Federal Trends?" Boston Bar Journal (March/April 2009)
  • Mark P. Szpak, Kevin V. Jones & Anne E. Johnson, "Cyber-Thieves Have You Targeted: Is Your Company Ready?" Mass High Tech (October 2008)
  • Mark P. Szpak & Anne E. Johnson, "FACTA Liability for Customer Receipts Remains a Threat," Chain Store Age: The News Magazine for Retail Executives (October 2008)


  • Co-presenter, “Protecting Secrets in Sports & Entertainment,” University of New Hampshire Sports & Entertainment Law Society (October 15, 2015)
  • Co-presenter, “First Responders: How Outside Counsel & Forensic Investigators Help Clients Respond to a Data Breach,” Cybersecurity and Data Protection Legal Summit (December 2014)
  • Panelist, “Big Data is You - Opportunities and Pitfalls of Data Collection, Protection & Use in the Modern Ecosphere,” Ropes & Gray and Stanford Program in Law, Science & Technology Panel Program (February 2014) This session was recorded for broadcast by C-SPAN
  • Speaker, “Data Breaches Involving Consumer Financial Information: Litigation Exposures and Settlement Considerations,” American Conference Institute (January 2011)
  • Speaker, "Litigation over Data Breaches: Potential Non-Consumer Claimants," Food Marketing Institute's Legal Conference, San Antonio, TX (April 2009)
  • Presenter, "Cyber-Thieves and Privacy Breaches: Is Your Company Ready?" Ropes & Gray IP Master Class (October 2008)
  • Speaker, "Effect of CAFA on Class Action Practice and Multidistrict Litigation," Massachusetts Bar Association Seminar on Complex Issues and Emerging Trends in Class Action Litigation (June 2008)