Mark P. Szpak


  • JD, Harvard Law School, 1984; Articles Office Co-Chair, Harvard Law Review
  • AB, magna cum laude, Harvard College, 1977; Phi Beta Kappa


  • New Hampshire, 1986
  • Massachusetts, 1985

Court Admissions

  • Supreme Court of the United States
  • U.S. Court of Appeals for the First Circuit
  • U.S. Court of Appeals for the Fifth Circuit
  • U.S. Court of Appeals for the Seventh Circuit
  • U.S. District Court for the District of Massachusetts
  • U.S. District Court for the District of New Hampshire
  • Honorable Louis F. Oberdorfer, U.S. District Court for the District of Columbia
  • International Association of Privacy Professionals
  • International Trademark Association
  • Hasty Pudding Theatricals Graduate Board (Harvard College)
  • Michael C. Rockefeller Memorial Fellowship Board (Harvard College)
  • Chenery Middle School Building Committee (Town of Belmont)
  • Various community organizations
  • The Best Lawyers in America (2021)
  • The National Law Journal, “Cybersecurity Trailblazer” (2015)
  • Financial Times “U.S. Innovative Lawyer" (2012)
  • Massachusetts Super Lawyers (2012-2019)

Mark P. Szpak


Mark is a leading data breach and privacy litigator and advisor whose experience includes assisting The Home Depot, Sony, Arby’s, athenahealth, Heartland Payment Systems, The TJX Companies, Neiman Marcus, Wyndham Hotels and others in dealing with the wide range of challenges that breach and privacy incidents can generate. He has extensive experience in this burgeoning area, ranging from handling forensic investigations to responding to regulators to defending multidistrict class actions pending in both the US and Canada. Mark brings to that work, in addition, almost 35 years of practice in complex litigation generally, representing public and private companies in a host of business and commercial disputes including consumer class actions, trademark and other intellectual property matters, securities fraud, regulatory enforcement, bankruptcy litigation, dealership disputes and transactional litigation.


  • Arby’s Restaurant Group in regard to consumer claims stemming from a cybersecurity incident announced in February 2017.
  • athenahealth in defending against and obtaining dismissal of a pair of federal court TCPA litigations.
  • The Home Depot in investigative matters and in responding to card brand inquiries and a range of litigations stemming from the cybersecurity incident that Home Depot announced in September 2014.
  • A Fortune 100 Insurance Company with respect to the consumer class litigation and multistate Attorney General investigation and settlement arising from a criminal cyber-attack on a portion of its computer network.
  • Neiman Marcus in responding to card brand inquiries stemming from the data security breach that Neiman Marcus announced in January 2014.
  • Sony in investigative matters and in dealing with multiple global litigations and regulatory actions, including in the US, Canada, UK and other countries, that arose from the 2011 criminal cyberattacks on portions of Sony’s computer networks.
  • Wyndham Hotels & Resorts in connection with the FTC investigation stemming from a series of cybersecurity incidents during 2008–2010 involving the computer networks of a number of independently-owned Wyndham-branded hotels. 
  • Heartland Payment Systems in investigative matters and the consumer class actions, issuer class actions and regulatory inquiries resulting from the cybersecurity incident it announced in 2009. 
  • The TJX Companies in regard to the multidistrict consumer class action litigation in the US and Canada and related proceedings arising from the unauthorized computer network(s) in 2005-2006 that affected its store chains in the US, Puerto Rico, Canada and the United Kingdom. 
  • Carter’s Inc. in defending a national consumer class action alleging unfair pricing in 2010 and securing a successful dismissal from the trial court and affirmance by the Seventh Circuit.
  • Gillette in defending a multi-district consumer class action beginning in 2005 based on advertising claims relating to its market-leading M3Power razor. 


  • Co-author, “US Litigation Considerations and Landscape,” The Guide to Cyber Investigations, first edition (2019)
  • Co-author, “High Hurdles Faced by Data Security Breach Shareholder Derivative Plaintiffs,” Bloomberg BNA Privacy and Security Law Report (May 2017)
  • Quoted, “Court Decision Can Tamp Down Class Suits,” The Wall Street Journal (May 18, 2016)
  • Mark Szpak, Seth Harrington and Lindsey Sullivan, “Cyberattack Risk: Not Just For Personal Data,” Boston Bar Journal (October 21, 2015)
  • Doug Meal, Mark Szpak and David Cohen,“St. Joseph Demonstrates Challenges For Breach Plaintiffs,” Law360 (February 26, 2015)
  • Quoted, "Dealing with a Data Breach," Law Technology News (Dec. 2, 2014)
  • Co-author, “Data Breach Plaintiffs, Don't Skim This Decision,” Law360 (September 17, 2013)
  • Mark P. Szpak & Daniel Routh, "Difficult Path To Certification Of Data Breach Classes," Law360 (March 29, 2013)
  • Mark P. Szpak & Anne E. Johnson, "Class Certification in the United States: The Rise of Rigor among the Federal Circuits," Class Action Defence Quarterly (June 2009)
  • Mark P. Szpak & Anne E. Johnson, "Class Action Scrutiny: Will Massachusetts Courts Follow Emerging Federal Trends?" Boston Bar Journal (March/April 2009)
  • Mark P. Szpak, Kevin V. Jones & Anne E. Johnson, "Cyber-Thieves Have You Targeted: Is Your Company Ready?" Mass High Tech (October 2008)
  • Mark P. Szpak & Anne E. Johnson, "FACTA Liability for Customer Receipts Remains a Threat," Chain Store Age: The News Magazine for Retail Executives (October 2008)


  • Panelist, "Emerging Technologies: Privacy by Design,” Harvard Law Privacy Mini-Symposium, Cambridge, MA (April 10, 2018) 
  • Panelist, “Worldwide Trends in Class Action Litigation: Leveraging Global Experience in a Locally Changing Landscape,” Ropes & Gray Privacy & Cybersecurity Summit, New York, NY (February 8, 2018)
  • Moderator, “Post-Breach: Class Actions and Business to Business Disputes,” BBA Privacy and Cybersecurity Forum, Boston, MA (May 24, 2017)
  • Panelist, “Data Security, Disputes & Cyberinsurance Strategies,” GTC Conference (September 29, 2016)
  • Co-presenter, “Protecting Secrets in Sports & Entertainment,” University of New Hampshire Sports & Entertainment Law Society (October 15, 2015)
  • Co-presenter, “First Responders: How Outside Counsel & Forensic Investigators Help Clients Respond to a Data Breach,” Cybersecurity and Data Protection Legal Summit (December 2014)
  • Panelist, “Big Data is You - Opportunities and Pitfalls of Data Collection, Protection & Use in the Modern Ecosphere,” Ropes & Gray and Stanford Program in Law, Science & Technology Panel Program (February 2014) This session was recorded for broadcast by C-SPAN
  • Speaker, “Data Breaches Involving Consumer Financial Information: Litigation Exposures and Settlement Considerations,” American Conference Institute (January 2011)
  • Speaker, "Litigation over Data Breaches: Potential Non-Consumer Claimants," Food Marketing Institute's Legal Conference, San Antonio, TX (April 2009)
  • Presenter, "Cyber-Thieves and Privacy Breaches: Is Your Company Ready?" Ropes & Gray IP Master Class (October 2008)
  • Speaker, "Effect of CAFA on Class Action Practice and Multidistrict Litigation," Massachusetts Bar Association Seminar on Complex Issues and Emerging Trends in Class Action Litigation (June 2008)
  • JD, Harvard Law School, 1984; Articles Office Co-Chair, Harvard Law Review
  • AB, magna cum laude, Harvard College, 1977; Phi Beta Kappa
Cookie Settings