Mark P. Szpak


  • JD, Harvard Law School, 1984; Articles Office Co-Chair, Harvard Law Review
  • AB, magna cum laude, Harvard College, 1977; Phi Beta Kappa


  • New Hampshire, 1986
  • Massachusetts, 1985

Court Admissions

  • Supreme Court of the United States
  • U.S. Court of Appeals for the First Circuit
  • U.S. Court of Appeals for the Fifth Circuit
  • U.S. Court of Appeals for the Seventh Circuit
  • U.S. District Court for the District of Massachusetts
  • U.S. District Court for the District of New Hampshire
  • Honorable Louis F. Oberdorfer, U.S. District Court for the District of Columbia
  • International Association of Privacy Professionals
  • International Trademark Association
  • Hasty Pudding Theatricals Graduate Board (Harvard College)
  • Michael C. Rockefeller Memorial Fellowship Board (Harvard College)
  • Chenery Middle School Building Committee (Town of Belmont)
  • Various community organizations
  • The National Law Journal, “Cybersecurity Trailblazer” (2015)
  • Financial Times “U.S. Innovative Lawyer" (2012)
  • Massachusetts Super Lawyers (2012-2016)

Mark P. Szpak


Mark is a leading member of the firm’s nationally-ranked data breach and privacy group that has assisted The Home Depot, Heartland Payment Systems, The TJX Companies, Neiman Marcus, Wyndham Hotels and others in handling the wide range of challenges that can arise when computer networks are intruded upon.  He has extensive experience in this burgeoning area, ranging from handling forensic investigations to responding to regulators to defending multidistrict class actions pending in both the US and Canada. Mark brings to that work, in addition, over 30 years of practice in complex litigation generally, representing public and private companies in a host of business and commercial disputes including consumer class actions, trademark and other intellectual property matters, securities fraud, regulatory enforcement, bankruptcy litigation, dealership disputes and transactional litigation.


  • Serving as lead counsel for Arby’s Restaurant Group in defending against all third-party claims arising from a payment card incident announced in February 2017.
  • Advising Hilton Worldwide regarding potential card brand claims stemming from two separate data security incidents that affected certain Hilton-branded hotels around the world in 2014 and 2015. We are also advising Hilton in litigation against Hilton's former payment card processor in connection with a commercial dispute relating to the data security incidents.
  • The Home Depot. Advising and representing Home Depot in responding to card brand inquiries stemming from the data security breach that Home Depot announced in September 2014.
  • Neiman Marcus. Advising and representing Neiman Marcus in responding to card brand inquiries stemming from the data security breach that Neiman Marcus announced in January 2014.
  • Sony. Advised and represented Sony in its widely-reported computer network attacks in April 2011, including multi-district class action litigation and related matters. 
  • Fortune 100 Insurance Company. Advising and representing this insurance company in multiple consumer class action litigations and regulatory inquiries stemming from the criminal cyber-attack on a certain portion of the company’s computer network.
  • Wyndham Hotels & Resorts. Advising and representing Wyndham in defense of card brand claims and FTC enforcement action stemming from the data security breaches suffered by certain of the Wyndham-branded hotels in 2008–2010.
  • Heartland Payment Systems. Advising and representing Heartland in handling consumer and bank class actions filed across the nation commencing in 2009 related to a widely-reported intrusion into Heartland's computer systems. 
  • The TJX Companies. Advising and representing The TJX Companies, Inc. in multidistrict class action litigation and related matters arising from its significant unauthorized computer network intrusion beginning in 2007. 
  • Carter’s Inc. Defended this brand name clothing manufacturer/retailer in a national consumer class action alleging unfair pricing in 2010. Successfully secured a dismissal from the trial court and briefed and argued the ensuing Seventh Circuit appeal that affirmed the earlier victory.
  • Gillette. Co-lead lawyer defending Gillette against a multi-district consumer class action in beginning in 2005 based on advertising claims relating to its market-leading M3Power razor. 


  • Co-author, “High Hurdles Faced by Data Security Breach Shareholder Derivative Plaintiffs,” Bloomberg BNA Privacy and Security Law Report (May 2017)
  • Quoted, “Court Decision Can Tamp Down Class Suits,” The Wall Street Journal (May 18, 2016)
  • Mark Szpak, Seth Harrington and Lindsey Sullivan, “Cyberattack Risk: Not Just For Personal Data,” Boston Bar Journal (October 21, 2015)
  • Doug Meal, Mark Szpak and David Cohen,“St. Joseph Demonstrates Challenges For Breach Plaintiffs,” Law360 (February 26, 2015)
  • Quoted, "Dealing with a Data Breach," Law Technology News (Dec. 2, 2014)
  • Co-author, “Data Breach Plaintiffs, Don't Skim This Decision,” Law360 (September 17, 2013)
  • Mark P. Szpak & Daniel Routh, "Difficult Path To Certification Of Data Breach Classes," Law360 (March 29, 2013)
  • Mark P. Szpak & Anne E. Johnson, "Class Certification in the United States: The Rise of Rigor among the Federal Circuits," Class Action Defence Quarterly (June 2009)
  • Mark P. Szpak & Anne E. Johnson, "Class Action Scrutiny: Will Massachusetts Courts Follow Emerging Federal Trends?" Boston Bar Journal (March/April 2009)
  • Mark P. Szpak, Kevin V. Jones & Anne E. Johnson, "Cyber-Thieves Have You Targeted: Is Your Company Ready?" Mass High Tech (October 2008)
  • Mark P. Szpak & Anne E. Johnson, "FACTA Liability for Customer Receipts Remains a Threat," Chain Store Age: The News Magazine for Retail Executives (October 2008)


  • Panelist, "Emerging Technologies: Privacy by Design,” Harvard Law Privacy Mini-Symposium, Cambridge, MA (April 10, 2018) 
  • Panelist, “Worldwide Trends in Class Action Litigation: Leveraging Global Experience in a Locally Changing Landscape,” Ropes & Gray Privacy & Cybersecurity Summit, New York, NY (February 8, 2018)
  • Moderator, “Post-Breach: Class Actions and Business to Business Disputes,” BBA Privacy and Cybersecurity Forum, Boston, MA (May 24, 2017)
  • Panelist, “Data Security, Disputes & Cyberinsurance Strategies,” GTC Conference (September 29, 2016)
  • Co-presenter, “Protecting Secrets in Sports & Entertainment,” University of New Hampshire Sports & Entertainment Law Society (October 15, 2015)
  • Co-presenter, “First Responders: How Outside Counsel & Forensic Investigators Help Clients Respond to a Data Breach,” Cybersecurity and Data Protection Legal Summit (December 2014)
  • Panelist, “Big Data is You - Opportunities and Pitfalls of Data Collection, Protection & Use in the Modern Ecosphere,” Ropes & Gray and Stanford Program in Law, Science & Technology Panel Program (February 2014) This session was recorded for broadcast by C-SPAN
  • Speaker, “Data Breaches Involving Consumer Financial Information: Litigation Exposures and Settlement Considerations,” American Conference Institute (January 2011)
  • Speaker, "Litigation over Data Breaches: Potential Non-Consumer Claimants," Food Marketing Institute's Legal Conference, San Antonio, TX (April 2009)
  • Presenter, "Cyber-Thieves and Privacy Breaches: Is Your Company Ready?" Ropes & Gray IP Master Class (October 2008)
  • Speaker, "Effect of CAFA on Class Action Practice and Multidistrict Litigation," Massachusetts Bar Association Seminar on Complex Issues and Emerging Trends in Class Action Litigation (June 2008)
Cookie Settings