Skip to Main Content
Professional Photo

Matthew Yarbrough, CIPP/US


Based in Texas, Matthew Yarbrough is a seasoned trial attorney who represents clients in complex litigation involving data privacy and cybersecurity, intellectual property, government investigations, and white collar crime.

Matt resides in Dallas and works virtually in our Houston office.

Professional Biography

Matthew Yarbrough advises clients in the areas of cybersecurity, data privacy, intellectual property, corporate fraud, and white collar investigations, and defends businesses in matters concerning internet fraud, privacy violations, and consumer data breaches. Throughout his career, he has advised businesses, state and federal governments, and individuals.

Since 1996, Mr. Yarbrough has served as lead investigative, trial, and/or advisor on more than 2,000 privacy, cybersecurity, and data breach incidents in the U.S. and internationally. He is a Certified Information Privacy Professional: United States (CIPP/US) and has advised and counseled clients on the following:

  • Advised clients on investigations and enforcement actions resulting from alleged data security and privacy violations by the Federal Trade Commission (FTC), Office of Civil Rights (OCR), Securities and Exchange Commission (SEC), and state attorneys general, including multistate task forces.
  • Managing FTC consent orders and civil investigating demands in connection with data security incidents.
  • Advised major health care providers on all aspects of HITECH security breaches, including OCR and state enforcement.
  • Advised numerous major retailers, financial institutions, and other companies on proactive cybersecurity readiness, including developing and conducting full-scale tabletop (executive mock data breach) exercises for c-suite executives and boards of directors.
  • Advised numerous major retailers on security breaches resulting from criminal tampering of point-of-sale terminals and ATMs, including Federal Bureau of Investigation (FBI) and U.S. Secret Service involvement, forensic investigations, breach notification, and PR efforts surrounding crisis management.
  • Counseled numerous technology companies (both as publishers and advertisers) on data collection and sharing issues, including online behavioral advertising and Big Data initiatives, as well as use of geolocation data and EU-U.S. Privacy Shield certification.
  • Conducted comprehensive privacy and information security policy assessments of major U.S. gaming, retail, entertainment, hospitality, and consumer goods companies, including extensive data flow mapping, implementation of multiple privacy policies, information governance, security, and records management procedures.
  • Counseled major retail and consumer goods companies on privacy issues associated with the use of radio frequency identification (RFID) and data collection from mobile devices.
  • Advised multiple clients on privacy, monitoring, and surveillance issues under federal, state, and international laws and prepared related customer and HR policies.

Mr. Yarbrough served as an Assistant United States Attorney (AUSA) in the Northern District of Texas, prosecuting numerous high-profile and complex white collar criminal cases involving health care, IP, banking, money laundering, securities, business fraud schemes, and terrorism. While at the U.S. Attorney's Office, he led the Cybercrimes and Criminal Intellectual Property Task Force, prosecuting major cyberattack cases, including the first data intercept of a hacker ring known as the "PhoneMasters" case. He was tapped by former Texas Attorney General John Cornyn as special counsel to assist in the creation of the Texas Internet Bureau to fight internet and telecommunications fraud, data breaches, and identity theft.

Mr. Yarbrough has lectured and trained several multinational companies and executives on topics concerning crisis management, corporate compliance, data privacy, cybersecurity breaches, and the defense of government enforcement actions. He has also served as an adjunct professor at Southern Methodist University Dedman School of Law, teaching "Technology Litigation & Hi-Tech Crimes" and "Trial Advocacy." His cases have been widely publicized in national periodicals, including the Wall Street Journal, New York Times, Washington Post, USA Today, The Dallas Morning News, and ZD Net, as well as numerous news outlets around the world.

  • Data Privacy and Cybersecurity

  • Acted as lead prosecutor in the largest unauthorized access of U.S. and international telecommunications companies and phone carriers by an organized group of hackers known as the PhoneMasters.

  • Acted as lead prosecutor in the largest hack against U.S. internet service providers (ISPs) by an organized criminal group of hackers known as Gl0balHell.

  • Established and created the Texas Internet Bureau, one of the first state-based cybersecurity and privacy agencies dedicated to stopping cybercrimes and internet fraud at the request of Senator John Cornyn, then Texas Attorney General.

  • Acted as lead trial counsel involving claims under the Computer Fraud and Abuse Act (CFAA) in a civil context concerning the hacking of a client's computer system by a business competitor, resulting in an award of $10 million in damages for the client.

  • Lead counsel representing the plaintiff, an enterprise software company, against a third-party consultant in a hacking case involving civil ex parte search warrant and claims concerning theft of trade secrets, Digital Millennium Copyright Act (DMCA), and trademark.

  • Lead trial counsel for a plaintiff in a Lanham Act case involving false advertising and the theft of marketing and advertising materials that resulted in a multimillion-dollar trial verdict for the client.

  • Developed and implemented a comprehensive global records management program for one of world's largest technology outsourced consultancy firms, including preparation and implementation of data security and privacy policies and procedures, and numerous records retention schedules.

  • Government Investigations and White Collar

  • Successfully defended a large, international firm headquartered in Chicago against the Texas Attorney General, Texas Rangers, and Texas Department of Public Safety in criminal charges concerning the non-compliance with regulatory investigative requirements regarding large U.S. consulting firms, resulting in a dismissal of all allegations and enforcement matters.

  • Served as lead prosecutor and architect of the DOJ's international "Operation Seek & Keep," resulting in the take-down and conviction of the largest international human trafficking ring in U.S. history.

  • Successfully represented an American multinational food industry corporation and defeated the U.S. Attorney's Office at trial in defending a corporate HR manager indicted by the DOJ as part of a nationwide conspiracy by the alleged board of directors to smuggle and employ undocumented immigrants.

  • Represented a printing and shipping corporation attacked by Chinese hackers, coordinating with the U.S. Attorney's Office in the Southern District of New York and ultimately led to the successful criminal prosecution of the hacker mastermind.

  • Represented and defended the largest retail franchise chain investigated by the DOJ as part of an alleged corporate conspiracy to employ, harbor, smuggle, and traffic undocumented immigrants in the U.S.

  • Represented a convenience retailer as a corporate victim, resulting in the State of Florida successfully prosecuting franchisees and returning millions of dollars of stolen proceeds.

  • Intellectual Property

  • Acted as lead prosecutor in the largest theft of trade secret cases prosecuted under the Economic Espionage Act (EEA), which involved the theft of intellectual property by hackers from a major U.S. manufacturer of turbine engines and the sale of embargoed oil gas machinery to Iran.

  • Successfully represented a large audio products manufacturer in a trademark infringement case that involved executing a civil search warrant to seize counterfeit goods and obtaining a permanent injunction, resulting in a judgment of $1.25 million.

  • Successfully represented a large enterprise software company in obtaining a consent judgment of $1 million and a permanent injunction for a copyright infringement action arising from the circumvention of encryption measures that controlled access to copyrighted material under the Digital Millennium Copyright Act.

  • Obtained a $4.7 million jury verdict for false advertising under the Langham Act and claims for misappropriation of business method in a case arising from the defendants' palming off of plaintiff's works.

  • Obtained a favorable settlement for a mobile electronics company by asserting two patents related to the routing of query messages by a signal transfer in a telecommunications network.

  • Member – International Association of Privacy Professionals (IAPP)
  • Listed in The Best Lawyers in America® for Electronic Discovery and Information Management (2015 – present); Litigation - Intellectual Property (2024)
  • Selected to Texas Super Lawyers (2003 – 2019)
  • Outstanding Prosecutor Award, U.S. Department of Justice (DOJ) (1997)
  • Outstanding Prosecutor Award, Federal Bureau of Investigation (FBI) (1996)
  • Outstanding Prosecutor Award, U.S. Department of Homeland Security (DHS) (1995)
  • "The Expanding Corporate Responsibilities for Cybersecurity," Texas Lawyer (August 2023)
  • "The Cyber-Wise CFO: Preparing for Tomorrow's Threats Today," The CFO Leadership Council Dallas Chapter (January 2024)
  • "Protect Yourself: Communication Beyond the Crisis," Blue Lava Community (December 2023)
  • "Law School for CFOs," Dallas CFO Leadership Council (October 2023)

Email Disclaimer

NOTICE: The mailing of this email is not intended to create, and receipt of it does not constitute an attorney-client relationship. Anything that you send to anyone at our Firm will not be confidential or privileged unless we have agreed to represent you. If you send this email, you confirm that you have read and understand this notice.
Cancel Accept