U.S. District Courts for the Northern, Western, Eastern and Southern Districts of Texas
Pro Hac Vice in multiple jurisdictions throughout the U.S.
Professional Affiliations
International Association of Privacy Professionals (IAPP) – CIPP/US
Leadership Dallas
Education
Southern Methodist University School of Law, J.D.
Texas Christian University, B.A.
Matthew Yarbrough is a partner in M&R’s Dallas office and member of the firm’s Cybersecurity & Data Privacy, Intellectual Property and White-Collar Defense & Investigations Practice Groups. An internationally recognized trial lawyer, he has nearly three decades of experience in the areas of cybersecurity, data privacy, IP, corporate fraud and government white-collar investigations, both as an Assistant United States Attorney (AUSA) and in private practice as a defense attorney, legal expert and strategist.
In his capacity as an AUSA, Matthew prosecuted numerous high-profile and complex white-collar criminal cases involving securities, IP, banking, healthcare, money laundering, business fraud schemes and terrorism. As a testament to his talents in this area of the law, Matthew served as the head of the first-of-its-kind trial task force charged by the U.S. Department of Justice. The Cybercrimes Task Force prosecuted hi-tech crime and criminal IP cases in federal courts throughout the U.S.
After leaving the DOJ, Yarbrough was immediately tapped in private practice by former Texas Attorney General John Cornyn to help create the Texas Internet Bureau, a precedent-setting agency with the mission of fighting internet fraud, privacy violations and consumer data breaches.
Beyond the courtroom, Matthew has been an Adjunct Professor at SMU School of Law, where he has taught Technology Litigation & Hi-Tech Crimes and Trial Advocacy. He has also appeared as a legal expert on numerous TV news programs such as Nightline, 20/20, CNN, ABC News, MSNBC and Fox.
Over the years, Matthew’s cases have been widely publicized as well, making headlines in such national periodicals as the Wall Street Journal, New York Times, Washington Post, USA Today, The Dallas Morning News, Business 2.0, and ZD Net. The numerous articles Matthew has written include “Suing the Insecure in Cyberspace”; “Stanger-Torts in the Strange World of Cyberspace”; and “Corp 101 – Kicking in the IP Door: Become the Enforcer, Not the Victim.”
By virtue of his vast expertise and successful trial record, Matthew has become a trusted advisor to both the public and private sector, state and federal government, Fortune 500s and start-up companies. In fact, he has lectured and trained executives at several multinationals on crisis management, corporate compliance, data privacy, cybersecurity breaches and the defense of government enforcement actions.
Key High-Profile Matters:
Since 1996, lead investigative, trial and/or advisor on over 2,000+ privacy, cybersecurity and data breach incidents in the United States and internationally.
Prosecuted the first data-intercept and voice communications wiretap of a coordinated hacker organization criminal ring against telecommunications companies in U.S. history, US v. Phonemasters (NDTX).
Acted as lead prosecutor in one of the largest ever theft of trade secrets cases brought under the Federal Economic Espionage Act (EEA), US v. Tejas (NDTX).
Acted as lead prosecutor in “Operation Seek & Keep,” resulting in the take down of the largest international money laundering and human trafficking operation in U.S. history, US v Shetty, aka Diaz (SDNY & NDTX).
Successfully defeated DOJ at trial in the defense of a multinational food industry corporation indicted by DOJ as part of an alleged corporate conspiracy to smuggle undocumented workers into the US, US v Tyson’s Chicken, DeLeon (NDTX).
Acted as lead prosecutor in criminal work-site enforcement case against large restaurant operator, resulting in the largest multi-million dollar criminal corporate fine against an employer in the nation, US v Pappadeaux & Pappacitos (NDTX).
Acted as lead prosecutor in the largest theft of trade secret cases prosecuted under the Economic Espionage Act (EEA) involving the theft of intellectual property via the hacking of a major U.S. manufacturer of turbine engines and sale of embargoed oil and gas machinery to Iran, US v. Tejas (NDTX).
As Counsel for Scott and Bacou obtained a favorable settlement in defending against five patents relating to breathing apparatuses for firefighters. Air Measurement Technologies, Inc. v. Scott Technologies, Inc. (WDTX) and Air Measurement Technologies, Inc. v. Bacou USA Safety, Inc. (WDTX).
Represented BMC Software in IP infringement action arising from the circumvention of measures that controlled access to copyrighted material; obtained civil search & seizure and with U.S. Marshalls conducted raid to seize evidence; obtained Consent Judgment of $1 million and Permanent Injunction, BMC Software v. CrabbyHacker.com (SDTX).
Represented large audio products manufacturer and executed a civil search warrant and seizure of counterfeit goods, obtained a permanent injunction and judgment of $1.25 million in trademark infringement case, Bose Corp. v. Vertigo Online (SDNY).
Represented large enterprise software company and obtained civil search and seizure order, and with U.S. Marshalls conducted raid to seize evidence. Obtained consent judgment of $1 million and permanent injunction for copyright infringement action arising from the circumvention of encryption measures that controlled access to copyrighted material under the Digital Millennium Copyright Act (DMCA), BMC Software v. CrabbyHacker.com (SDTX).
Obtained $5 million jury verdict for false advertising under the Langham Act and claims for misappropriation of business method in a case arising from the defendants’ palming-off of plaintiff’s IP and work, NDE Inc. v. Rainforest Creations(EDTX).
Cybersecurity, Hacking and Data Breach Matters:
Represented MGM Resorts International in one the largest ever data breach investigations concerning a gaming, hospitality, and entertainment company with regards to the exfiltration of customer PII on the Darknet successfully resulting no fines, penalties, or civil actions brought by states attorneys general.
Acted as lead prosecutor in US v. Gl0balHell, largest hack against U.S. Internet Service Providers (ISPs) by an organized criminal group of hackers known as Gl0balHell, US v. Gregory (NDTX).
Acted as lead trial counsel in DHS-Excel v. TTS (NDTX), involving claims under the Computer Fraud and Abuse Act (CFAA) in a civil context concerning the anti-competitive hacking of client’s computer system by a business rival resulting in an award of $10 million in damages for client.
Lead counsel representing plaintiff enterprise software company BMC against Crabby Hacker in a case involving a civil ex parte search warrant and claims concerning theft of trade secrets, Digital Millennium Copyright Act (DMCA) and trademark, BMC Software v. The Crabby Hacker (SDTX).
Defended 7-Eleven as a corporate victim on security breaches resulting from criminal tampering of POS terminals and ATMs; manages and led forensic investigations, breach notification and PR efforts surrounding crisis management resulting in the successful prosecution of threat actor by the US Secret Service and FBI, US v. Gonzales (D.Mass.).
Acted as lead counsel in representing virtual payment industry client, involving claims under the Computer Fraud and Abuse Act (CFAA) in a civil context concerning the alleged hacking of client’s computer system and theft of trade secrets by a business competitor, NexPay v. StoneEagle (NDTX).
International Corporate Investigations Against Government Entities, FCA-Whistle Blower, and “White-Collar” Matters:
Defeated the U.S. Attorney’s Office at trial and successfully defended Tyson’s Chicken corporate HR Manager indicted by the DOJ as part of a nationwide alleged conspiracy by the Board of Director’s to smuggle and employ undocumented workers, US v. DeLeon (NDTX).
Defended New York law firm and investigator in civil SEC investigation of alleged insider trading and collusion between law firms and hedge funds known for taking “short” positions on stocks. After defending client throughout “Wells” submission process, the SEC closed its investigation and dismissed case without instituting civil or criminal actions (SDNY/NDTX).
Successfully defended large national consulting firm against criminal charges by the TX AG’s office, TX Rangers and TxDPS concerning non-compliance with regulatory investigative requirements for U.S. consulting firms, resulting in a dismissal of all allegations, charges and enforcement matters, State of Texas v Navigant.
Represented 7-Eleven as a corporate victim that resulted in the successful prosecution by the State of Florida Attorney’s General Office against fraudulent franchisees and the return of millions of dollars in stolen proceeds, State of Florida v Bailey, et. al.
Represented FedEx/Kinko’s as a victim corporation against ring of Chinese hackers; led and coordinated investigative efforts with the U.S. Attorney’s Office SDNY that successful resulted in the criminal prosecution of hacker mastermind, US v Ju Ju Jiang (SDNY).
Defended largest corporate retail chain investigated by the DOJ and the U.S. Attorney’s Office for the EDNY as part of an alleged corporate conspiracy to employ, harbor, smuggle and traffic undocumented workers. Case successfully resulted in no criminal charges (EDNY).
Whistleblower action under the False Claims Act seeking more than $4.5 billion in damages. Case settled for less than 0.05 percent of the damages sought by the Government, U.S. v. ResCare, Inc. (NDTX).
Represented home-health care agency on allegations of federal False Claims Act (FCA) violations in a whistleblower action. Conducted internal investigation, responded to document requests and presented witnesses to government for interviews. Convinced government to decline intervention and obtained dismissal of suit, U.S. v. Louisiana HomeHealth (WDLA).
Data Life Cycle Counseling – Data Privacy, Cybersecurity, AdTech, Marketing, IoT, AI, & eCommerce Matters:
Advised clients on FTC, OCR, SEC and state Attorney General (including multistate taskforce) investigations and enforcement actions for alleged data security and privacy violations.
Advised and counseled clients on managing FTC Consent Orders and CIDs in connection with data security incidents.
Advised and counseled major health care providers and health plans on all aspects of HITECH security breaches, including HHS OCR and state enforcement.
Advised and counseled numerous major retailers, financial institutions, and other companies on proactive cybersecurity readiness, including developing and conducting full-scale tabletop (Executive Mock Data Breach) exercises for C-suite executives and Boards of Directors.
Counseled numerous technology companies (both as publishers and advertisers) on data collection and sharing issues (including online behavioral advertising and Big Data initiatives), collection and use of geolocation data and EU-US cross border data transfers.
Counseled major retail and consumer goods companies on privacy issues associated with the use of radio frequency identification (RFID) and data collection from mobile devices.
Advised multiple clients on privacy, monitoring and surveillance issues under federal, state, and international laws and prepared related customer policies and operational procedures for data sharing and monetization.
Conducted comprehensive privacy and information security policy assessments of major U.S. gaming, retail, entertainment, hospitality and consumer goods companies, including extensive data flow mapping, implementation of multiple privacy policies, information governance, security and records management procedures.
Developed and implemented comprehensive global records management program for one of world’s largest technology outsourced consultancy firms, including preparation and implementation of data security and privacy standards and procedures, numerous records retention schedules.
