Edward McAndrew
Edward McAndrew

Edward J. McAndrew


Tel 202.661.7696
Fax 202.661.2299
Washington, DC
Tel 215.864.8841
Fax 215.864.8999
Tel 302.252.4451
Fax 302.252.4466

Edward J. McAndrew is a counselor, investigator, and trial lawyer who helps clients navigate life in the digital world. He is co-leader of the firm's Privacy and Data Security Group.

Named a "Cybersecurity and Data Privacy Trailblazer" by The National Law Journal, Mr. McAndrew advises clients on cybersecurity, digital privacy, cyber-incident response, social media, online speech, defamation, commercial, employment, intellectual property, corporate governance, regulatory, and criminal matters. He also advises clients on cyber-based national security issues, as well as governmental demands for data and assistance in investigations. Outside of the cyber arena, he handles civil and criminal investigations, litigation, and trials in various substantive areas. He focuses his pro bono work on assisting individual victims of cybercrimes.

Prior to joining Ballard Spahr, Mr. McAndrew served for nearly a decade as a federal cybercrime prosecutor in the U.S. Attorney’s Offices for the Eastern District of Virginia and for the District of Delaware. A Cybercrime Coordinator and National Security Cyber Specialist, Mr. McAndrew has worked in every major area of technology facilitated crime, including hacking and other cyberattacks; digital espionage; identity and intellectual property theft; financial, government contracting, and tax fraud; money laundering; export control violations; cyberstalking; obstruction of justice; threats and extortion, online child exploitation; narcotics and firearms trafficking; and terrorism. He has handled a multitude of high-profile, complex and sensitive investigations, trials and appeals—many involving cutting-edge legal and technological issues.

Mr. McAndrew serves by appointment on the Delaware Supreme Court’s Commission on Law and Technology. As the leader of the Commission’s Data Security Working Group, he has developed leading practices and educational programs relating to cybersecurity and digital privacy for lawyers and legal services organizations.

He is a frequent commentator, presenter and author on legal issues related to cybersecurity, digital privacy, cybercrime, computer forensics and Internet safety.

Representative Matters

  • Representation of financial institution in data breach impacting customers in more than 30 states.
  • Representation of a financial services company in a data breach impacting consumers in 33 states resulting in state attorneys general investigations.
  • Representation of a multi-national corporation in a federal criminal investigation and litigation relating to the theft of over $1 billion in intellectual property by internal and external cyber actors located in multiple countries.
  • Representation of government contractor in criminal and national security investigations relating to nation-state cyberattacks targeting export-controlled intellectual property.
  • Counseling organizations in multiple industries on cybersecurity risk management, information security program design and implementation, and cyber incident response planning.
  • Counseling of clients in multiple industries in responding to cyber incidents involving ransomware attacks and business email compromises resulting in fraudulent wire transfers and exposure of employee information.
  • Defense of an online retailer in computer fraud and intellectual property theft litigation.
  • Defense of an online marketing organization in data breach litigation.
  • Representation of a manufacturing company in civil litigation relating to hacking and cyber-theft of intellectual property by a competitor.
  • Defense of fraud and breach of fiduciary duty litigation against an international digital entertainment streaming service in the Delaware Court of Chancery.
  • Counseling and representation of multiple organizations, officers, and employees relating to technology facilitated extortion, online threats and defamation.
  • Successfully represented publicly traded media company in arbitrations involving more than $500 million in broadcasting, intellectual property, advertising, and corporate ownership rights relating to digital media technology.
  • Successfully represented mortgage purchaser in insurance coverage litigation related to $43 million mortgage fraud scheme.
  • Successfully represented state insurance commissioner as receiver in $20 million fraud, breach of contract, and tax cases against government involving real estate development project.
  • Conducted internal investigation relating to government program fraud for organization’s board of directors.
  • Secured one of the first decisions in the United States dismissing privacy and defamation claims against website publishing third-party content under Section 230 of the Communications Decency Act.
  • Successfully represented multiple defendants and prominent private membership organization in high-profile litigation of discrimination, defamation, and related claims by expelled member.
  • Conducted internal investigation and represented organization in government investigation of FCPA issues in the insurance industry.
  • Conducted internal investigation and represented technology company in government investigation of export control violations.
  • Represented target of grand jury investigation relating to large-scale environmental spill.
  • Represented private entities in election fraud litigation relating to ballot referendum on casino gambling.
  • Represented online advertising business in cybersquatting and trademark infringement actions.
  • Litigated through U.S. Supreme Court appeal a successful First Amendment challenge to federal commercial casino advertising ban.
  • Defended technology company in theft of trade secrets case involving recruitment of a competitor’s technology development team.
  • Successfully represented national supermarket chain in federal appeal of employee liability for newsgathering torts.

Prosecutorial Experience

  • First U.S. prosecution of a foreign hacker for theft of trade secrets from American companies. Coordinated multi-national investigations and successful prosecutions of members of international hacking and data theft conspiracy that breached the networks of technology companies and the U.S. Army over a period of three years, stealing tens of thousands of identities and intellectual property valued in the billions of dollars.
  • First U.S. prosecution of a Chinese national for cybercrime committed entirely from China. Convicted member of international cybercrime organization of cyber-theft and online distribution of more than $100 million in sensitive, industrial-grade software owned by more than 200 technology companies to buyers in 28 states and more than 60 countries. One of the longest prison sentences in U.S. history for cyber-theft of intellectual property.
  • First U.S. convictions for cyberstalking resulting in death. Convicted members of multi-year cyberstalking conspiracy focused on four children and resulting in the murders of two women in the lobby of Delaware’s largest courthouse.
  • Convicted “Chief Scientist” of defense and law enforcement contractor of cybercrime conspiracy involving use of cracked software obtained from Chinese cybercriminals to design components used in Marine One presidential helicopters, Blackhawk helicopters, Patriot missiles, police radar and breath analysis equipment.
  • Convicted NASA scientist of cybercrime conspiracy involving uploading of cracked software obtained from Chinese cybercriminals onto NASA computer network.
  • Convicted website operator of cyber-theft and online distribution of more than 24,000 copies of software products manufactured by at least 80 companies to thousands of customers.
  • Investigated money laundering and Bank Secrecy Act violations involving the use of stolen intellectual property to unlawfully mine, commoditize, and sell virtual currencies on black markets.
  • Investigated and prosecuted numerous individuals for online child exploitation crimes, including:

    • United States Secret Service officer stationed at the White House;
    • Teachers, university professors, and other school/university employees;
    • Youth group leaders, camp counselors, football, basketball, baseball, and soccer coaches;
    • Priests, ministers, and other church employees;
    • Health care providers and lawyers in government and private practice;
    • Employees, including senior executives, of various types of companies;
    • Local, state, and federal law enforcement officers and senior managers;
    • Active duty military personnel deployed in Operation Enduring Freedom and Operation Iraqi Freedom; and
    • Senior military and intelligence personnel and contractors stationed at the Pentagon, CIA, Dover Air Force Base, and abroad.
  • Conducted international investigation into a series of DDoS attacks against major financial institutions.
  • Investigated data breaches and theft of hundreds of thousands of identities from multiple financial, educational, and governmental computer networks by foreign-based hackers.
  • Investigated data breaches of IT enterprise solutions and cloud services provider resulting in the compromise of systems and confidential and proprietary information for at least 50 entities and hundreds of millions of personal users.
  • Convicted members of large-scale, Internet-based tax fraud conspiracy centered on electronic submission of more than 450 tax returns using more than 60 different Internet service accounts and 130 financial accounts. Total losses to the United States of approximately $8 million in one year.
  • Convicted leader of identity theft and bank fraud conspiracy involving computer-facilitated check fraud using more than 200 stolen identities.
  • Investigated entity and individuals for International Traffic in Arms regulatory violations involving Internet-based exports of technology relating to a U.S. Navy contract.
  • Convicted individual in witness intimidation and obstruction of justice case involving use of mobile device and Facebook to threaten government witness in murder-for-hire and drug trafficking trial. Arrest made in courtroom during trial.
  • Successfully litigated media “right of access” issues relating to courtroom testimony and evidence presentation in cybercrime trials.
  • Prosecuted cyberstalking and Internet threat campaign involving e-mail account hijacking and online defamation and dissemination of private, explicit videos.
  • Convicted disgruntled employee of domestic terrorism offense for mailing fake anthrax to the headquarters of a prominent media organization.
  • Investigated hacking into financial institution servers and theft of millions of dollars in customer funds.
  • Investigated hacking and hijacking of retail business website by former third-party vendor.
  • Investigated unauthorized access to food supplier’s computer network from shipping port.
  • Led international online undercover investigations focused on the infiltration of “dark web” networks.
  • Convicted owner and operator of construction company of decade-long tax fraud involving loss of more than $2 million.
  • Investigated anonymous online threats to public officials and federal employees.

Judicial Clerkships

Hon. Collins J. Seitz, U.S. Court of Appeals for the Third Circuit, Wilmington, Del., 1996-1997

Professional Activities

American Bar Association – Member, Litigation, Criminal Justice and Business Law Sections, Communications Law Forum

Supreme Court of Delaware, Commission on Law & Technology – Leader, Data Security Working Group

Association of Certified Financial Crime Specialists – Executive Board Member, Mid-Atlantic Chapter

The Catholic University of America – Member, Law School Alumni Council

Recognition & Accomplishments

Cybersecurity and Data Privacy Trailblazer,The National Law Journal, 2015

Director's Special Recognition Award, Federal Bureau of Investigation, December 2015

Exemplary Partnership Award, U.S. Department of Homeland Security, U.S. Immigration and Customs Enforcement, Homeland Security Investigations, February 2015

Director’s Award, U.S. Department of Homeland Security, U.S. Immigration and Customs Enforcement, November 2013

Assistant Attorney General’s Award for Outstanding Advocacy in Protecting Citizens from Online Crime, U.S. Department of Justice, November 2008


Co-author, "Colorado Proposes Cybersecurity Rules for Investment Advisers, Broker-Dealers," Ballard Spahr alert, April 26, 2017

Co-author, "New Mexico Becomes 48th State to Enact Data Breach Notification Law," Ballard Spahr alert, April 19, 2017 

Co-author, "It’s ‘Ready, Set, Go’ – Cyber Threats to Lawyers Grow," Delaware Lawyer, March 1, 2017

Co-author, "IRS and Others Renew Warnings About Fraudulent Emails Targeting Employee Tax Information," Ballard Spahr alert, January 30, 2017

Co-author, "Data Breach Class Action Reinstated Against Horizon Healthcare Services Inc.," Ballard Spahr alert, January 23, 2016

Co-author, "EU e-Privacy Regulation Raises Stakes for Compliance," Ballard Spahr alert, January 12, 2017

Co-author, "NYDFS Revises Cybersecurity Regulation, Extends Effective Date to March 1, 2017," Ballard Spahr alert, December 28, 2016

Co-author, "FTC Settles with Targeted Digital Advertising Company over Supercookie Advertising Practices," Ballard Spahr alert, December 23, 2016

Co-author, "Prepare for Compliance with General Data Protection Regulation Checklist," Ballard Spahr alert, December 7, 2016

Co-author, "New York Regulators Drive Cyber Security Accountability for the Financial Sector," Payments & FinTech Lawyer, November 10, 2016

Co-author, "DOT Issues Proposed Cybersecurity Guidance to Automotive Industry," Ballard Spahr alert, October 27, 2016

Co-author, "Federal Banking Agencies Propose New Requirements for Managing Cyber Risk," Ballard Spahr alert, October 20, 2016

Co-author, "Dealing With the Aftermath of a Breach – a Checklist," Health Management Technology, September 27, 2016

Co-author, "N.Y. Moves Ahead with Proposed Cybersecurity Regulations for Financial Institutions," Ballard Spahr alert, September 19, 2016

Co-author, "FFIEC Provides Concrete Guidance on Setting Up Information Security Programs," Ballard Spahr alert, September 14, 2016

Co-author, "Fending Off and Fighting Cybercriminals," Law Week Colorado, September 12, 2016

Co-author, "Plaintiffs Cannot Bring Data Breach Lawsuits Without Evidence That Information Will Be Used To Harm," Ballard Spahr alert, August 17, 2016

Co-author, "Important Lessons for Businesses from FTC's Opinion on LabMD's Data Security Practices," Ballard Spahr alert, August 12, 2016

Co-author, "Court: Stored Communications Act Warrant Cannot Be Used to Seize Data Held Overseas," Ballard Spahr alert, July 19, 2016

Co-author, "Ninth Circuit Vastly Expands Scope of Criminal, Civil Liability for Computer Fraud," Ballard Spahr alert, July 15, 2016

Co-author, "International Regulators Issue Cybersecurity Guidance to the Financial Industry," Ballard Spahr alert, July, 6, 2016

Co-author, "Cybersecurity, Use of Internet of Things Technology Concern Manufacturers," Ballard Spahr alert, June 28, 2016

Co-author, "The Defend Trade Secrets Act Signed into Law," Ballard Spahr alert, May 11, 2016

Co-author, "Class Certification Improper in Data Breach Case, PA Appellate Court Finds," Ballard Spahr alert, May 4, 2016

Co-Author, "FTC Releases "Cheat Sheet" for Developing a Secure Mobile Health Application," Ballard Spahr alert, April 22, 2016

Co-author, "European Parliament Adopts EU General Data Protection Regulation; 12 Steps Businesses Should Take Now," Ballard Spahr alert, April 21, 2016

"How Companies Can Work with the U.S. Government on Cyber Threats," Bloomberg BNA Big Law, April 1, 2016

Co-author, "Federal Reserve Study Highlights Consumer Behavior with Mobile Financial Services," Ballard Spahr alert, April 1, 2016;

"Let's Be 'Reasonable' About Data Security," The Journal of the Delaware State Bar Association, April 2016

Co-author, "FTC Examines Process by which Companies Assess Compliance with PCI DSS," Ballard Spahr alert, March 9, 2016

Co-author, "EU-U.S. Privacy Shield Framework Text Published: Imposes New Obligations on U.S. Entities that Seek Data Transfers from the EU," Ballard Spahr alert, March 8, 2016

Co-author, "CFPB Initiates Its First Data Security Enforcement Action," Ballard Spahr alert, March 3, 2016

Co-author, "California Data Breach Report Defines 'Reasonableness' Standard for Data Protection," Ballard Spahr alert, March 2, 2016

Co-author, "President Obama Gives EU Citizens Judicial Redress for Privacy Violations," Ballard Spahr alert, March 1, 2016

Co-author, "President Creates Cybersecurity National Action Plan and Commission on Enhancing National Cybersecurity," Ballard Spahr alert, February 24, 2016

Co-author, "DOJ/DHS Issue Interim Guidance on Implementation of Cybersecurity Information Sharing Act," Ballard Spahr alert, February 23, 2016

Co-author, "Former Cardinals Scouting Director Pleads Guilty to Hacking Astros’ Computer Systems," Ballard Spahr alert, January 11, 2016

Co-author, "LifeLock to Pay $100 Million to Settle Charges It Violated 2010 Court Order," Ballard Spahr alert, December 28, 2015

Co-author, "FTC Takes Action against App Developers on COPPA Allegations Involving Persistent Identifiers," Ballard Spahr alert, December 23, 2015

"Organizations Should Focus on Data Sharing Post-Incident, Not Attribution," CSOonline.com, August 4, 2015

"How to Prepare for and Respond to a Cyberattack," Network World, July 8, 2015

"What the Sony Cyberattack Can Teach Lawyers About Data Security," The Journal of the Delaware State Bar Association, April 1, 2015

"The Data Security Imperative for Lawyers," Delaware Lawyer, October 27, 2014

"Leading Practices: Data Security," The Supreme Court of Delaware, Commission on Law and Technology, June 20, 2014

"From the P.R.C. to the F.C.I.—Cracking a Chinese Cybercrime Case," United States Attorneys’ Bulletin/United States Department of Justice, March 30, 2014

"Consensual Searches of Computers and Assumption of Online Identities," United States Attorneys’ Bulletin/United States Department of Justice, January 31, 2014

"Say Hello to My Little Friend: The New and Improved Cyberstalking Statute," United States Attorneys’ Bulletin/United States Department of Justice, January 31, 2014

Speaking Engagements

"Current Issues in Cybercrime and Cybersecurity," Temple University School of Law, Philadelphia, April 5, 2017

"Learning Lab: Investigating and Prosecuting Cybercrime – Enter the Law Enforcement Trenches," RSA Conference, San Francisco, February 15, 2017

"Hot Topics on the Internet and Data Privacy," ABA Forum on Communications Law, New Orleans, February 10-11, 2017

"E-Discovery for Investigations and Criminal Matters," Legaltech New York, New York City, February 2, 2017

"An Exercise in Cyber Incident Response," ACC Cybersecurity Summit, Washington, D.C., January 31, 2017

 "Assessing Cyber Risks in Regulated Industries," Ballard Spahr event, Las Vegas, January 10, 2017

"Cybersecurity in an Evolving Threat Landscape," PBI Real Estate Institute, Philadelphia, December 9, 2016

"Cybersecurity Leadership Panel," Life Sciences PA, Valley Forge, PA, December 8, 2016

"Best Practices for Responding to a Cyberattack and Working with Law Enforcement in the Aftermath," 2016 ISSA International Conference, Information Systems Security Association, Dallas, Texas, November 2016

"United States v. Matusiewicz: A Case Study in Cyberstalking," Conference on the Investigation & Prosecution of Crimes of Stalking, Dover, Delaware, October 2016

"Brexit and Beyond: International Issues and Cross-border e-Discovery," Relativity Fest 2016, Chicago, October 2016

"Cybersecurity: What Every Attorney Needs to Know and Why," Intellectual Property Law Institute, Amelia Island, Florida, September 2016

"Recent Cases in Cyber Liability," ABA Legal Malpractice Conference, Chicago, September 2016

"The Government's Role in Your Cyber Incident: Friend, Foe or Both?," ABA Business Law Section Annual Meeting, Boston, September 2016

"The Law and Business of Social, Mobile and Emerging Technologies," ILTACON 2016, Washington, D.C., August 2016

"Navigating Interactions with Governments in an Evolving Cyber Threat Landscape," American Banker's CyberSec 2016, New York, July 2016

"The Evolving Cybercrime Epidemic," Drexel University School of Law, Philadelphia, June 2016

"Addressing Evolving Cybersecurity Threats," Colorado Health Facilities Authority Conference, Denver, June 2016

"Raising the Stakes – Individual Liability for Corporate Conduct," Ballard Spahr webinar, June 2016

"Working with the U.S. Government on Data Security," CGOC Conference, Washington, D.C., June 2016

"How You (and the Bank of Bangladesh) Get Hacked: Cybercrime Vulnerabilities and Responses in a Risky World," ACFCS Financial Crime Conference, New York, June 2016

"Judicial Perspectives on Current E-Discovery Issues" and "Time Is Not On Your Side When It Comes To Data Security," Enfuse 2016, Guidance Software, Las Vegas, Nevada, May 2016

"Ethical Implications of Technology for Corporations and Law Firms," District of Delaware Bench & Bar Conference, Delaware Chapter of the Federal Bar Association, Wilmington, Delaware, May 2016

"Worst Case Scenario – The State of Cybersecurity and Lessons Learned," ACC Mid-Year Conference, New York City, April 12, 2016

"Cybersecurity Seminar – Best Practices for Preparing for and Responding to Data Breaches," Denver, April 7, 2016

"Social Media, Technology & Data Security," DSBA Small Firms and Solo Practitioners Conference, Rehoboth Beach, April 1, 2016

"HIPAA-Ventilate – New Privacy and Information Security Concerns in Healthcare in the U.S. and Beyond," Philadelphia, March 29, 2016 

"Cybersecurity for the Future: Breaking the Mold," TechJunction, Tucson, Arizona, March 16, 2016

"Lessons Learned:  Best Practices for General Counsel and In-House Attorneys from the ACC Foundation Cybersecurity Report," Denver, March 9-10, 2016 

"The Aftermath of a Breach: Best Practices for Working with Law Enforcement," RSA Conference 2016, San Francisco, March 4, 2016

"Navigating the Digital World in an Evolving Cyber-threat Landscape," University of Delaware Cybersecurity Initiative and the Institute for Public Administration, Newark, Delaware, February 10, 2016

"The Law of Mobile, Social, and Emerging Technologies," LegalTech New York 2016, February 3, 2016

"The 'New Normal': Coping with Today's Leaner, Meaner, More Demanding Legal Environment," LegalTech New York 2016, February 3, 2016

"Time Is Not On Your Side When It Comes To Data Security," LegalTech New York 2016, February 2, 2016

"Translating Cybersecurity Preparedness into a Business Requirement," and "Crystal Ball: What Do You Think the Next Big Cybercrime Will Be?" cyberSecure, New York City, December 2015

"Reducing the Costs and Damage Associated with Data Breaches," Compliance, Governance & Oversight Council, London, December 2015

"Confidentiality in the Age of Cyber(In)Security," Delaware State Bar Association, December 2015

"The Dark Web: The Digital Street Corner of a Global Cybercrime Marketplace," National Association of Attorneys General, Eastern Region Conference, New York City, October 2015

"Cybersecurity and e-Discovery: The Downstream Effects of Upstream Security Decisions," Relativity Fest, Chicago, October 2015

"Mapping the Threat Landscape—Organized Crime, State Actors, Hacktivists and More" and "Investigating a Cyber Attack—Internal and Law Enforcement Perspectives," Association of Certified Financial Crime Specialists, Cyber Financial Crime Summit, October 2015, Washington, D.C.

"Gender and Cyber-based Violence," National Association of Attorneys General, Midwestern Region Meeting, Chicago, October 2015

"You’ve Been Hacked, Now What? Guidance on Data Breach Mitigation, Response and Ethical Conundrums," ACEDS 6th Annual E-Discovery Conference, September 2015

"Jailing Foreign Hackers and Crackers: Case Studies of the First U.S. Convictions of China-based and Other Foreign Cybercriminals" and "The Intersection of Privacy, Security and E-Discovery," CEIC 2015, Las Vegas, May 2015

"Tales from the Front Line in the Fight Against Cybercrime,” Guidance Software CISO/CLO Summit, Las Vegas, May 2015

"Cybersecurity: Risk Management and Incident Response in an Evolving Threat Landscape," Federal Bar Association, District of Delaware Inaugural Bench & Bar Conference, May 2015

"Cybersecurity for Law Firms," Association of Legal Administrators, Seventh Annual Legal Leadership Forum, May 2015

"Protecting Children in a Digital World," Protecting Delaware’s Children Conference, March 2015

"Investigating and Prosecuting Trade Secret Theft by Computer Hackers," National Advocacy Center, February 2015

"Post Breach: Navigating Interactions with the Government as Cyber Victim and Enforcement Target" and "Is There an Ethical Duty to Protect Client Data?" ALM 1st Annual Cybersecurity and Data Protection Legal Summit, New York, December 2014

"Proving Your Case Using Mobile Forensics," National Advocacy Center, June 2014

"The Technology of Today and the Issues of Tomorrow," Delaware Bench & Bar Conference 2014, June 2014

"Why Legal Should Care About Cybersecurity" and "The Intersection of Privacy, Security & E-Discovery," CEIC 2014, Las Vegas, May 2014

"Proactive Threat & Risk Intelligence" and "Cyber Attacks from the Legal Frontlines," Guidance Software CISO/CLO Summit, Las Vegas, May 2014

"E-Discovery: The Intersection Between Privacy and National Security," Guidance Software Federal Summit, Arlington, Va., March 2014

"A Risk-based Approach to Cybersecurity Threats," Legal Tech 2014, New York, February 2014

Catholic University of America Columbus School of Law (J.D. 1995, magna cum laude)
Editor-in-Chief, Catholic University Law Review

The College of New Jersey (B.A. 1992, cum laude)


District of Columbia

New Jersey