A Chinese businessman and “prominent political dissident” who sued Big Law firm Clark Hill after it was hacked and his personal information was made public online can proceed with some of his malpractice claims against the firm.
The U.S. District Court for the District of Columbia said that Guo Wengui “successfully pleaded that the alleged mishandling of his information and subsequent cyber attack resulted in damages,” in its Thursday opinion. But the court dismissed Wengui’s malpractice claims that were based upon Clark Hill withdrawing its representation of him after the cyber incident.
Wengui hired the Detroit-based firm in 2016 to help him apply for asylum in the United States, according to the ruling by U.S. District Judge James E. Boasberg.
The Chinese government has accused Wengui of bribery, fraud and money laundering, while Wengui claims that he has evidence of high-level corruption in the Communist Party of China. Wengui alleges that the political party threatened him and his family, the court said.
Citing Wengui’s complaint, Boasberg said Wengui had warned Clark Hill of the “persistent and relentless cyber attacks that he and his associates had endured,” and that they should “expect to be subjected to sophisticated cyber attacks.” The firm agreed to “take special precautions to prevent improper disclosure of plaintiff’s sensitive confidential information.” the judge.
But in September 2017, the firm’s computer system was hacked and personal information about Wengui and his wife, including the contents of the dissident’s asylum petition, were posted online.
A few days later, the firm withdrew from representation. It explained that because of the attack, its personnel may have to serve as witnesses in Wengui’s asylum proceeding, because the hacking provided evidence of the political persecution from which their now-former client sought asylum in the U.S., according to the court.
The firm explained to Wengui that ethics rules prohibit attorneys “from playing the dual role of witness and advocate,” it said. The court agreed with them that Wengui didn’t provide grounds for a viable legal malpractice claim for its withdrawal. Even if it was was “improper,” Wengui hasn’t shown how he was damaged by it, the court said.
It did find that Wengui sufficiently pleaded he was injured by the cyber attack. The firm owed a duty of reasonable care to Wengui, who alleges it made “misrepresentations” to secure him as a client but failed to follow “promised procedures to adequately secure confidential information,” the court said.
The case is Guo Wengui v. Clark Hill, PLC, 2020 BL 61391, D.D.C., No. 19-3195 (JEB), 2/20/20.