Sami Qureshi is an associate in the Privacy & Cyber and Litigation & Trial Practices of Latham & Watkins’ London office.

Mr. Qureshi has advised many of the world’s leading companies on their most challenging, complex, and impactful cyber incidents and data privacy disputes. He regularly advises clients on:

  • Cyber incident response, forensic investigation, negotiation, and disaster recovery 
  • Data breach response 
  • Regulatory inquiries, enforcement defense and appeals
  • Data privacy disputes and litigation

Mr. Qureshi has substantial experience working with the UK Information Commissioner’s Office (UK ICO), including acting as legal counsel to the Commissioner on Operation Cederberg – the largest investigation of its kind – which involved investigating the activity of numerous entities and individuals including Cambridge Analytica, Aggregate IQ, Global Science Research, global social media companies, and several UK/US-based political parties, with respect to suspected data misuse in the context of political campaigns.

Mr. Qureshi’s experience with the UK ICO includes designing and developing the Enforcement/Investigation Team’s operational processes and procedures.

Mr. Qureshi's experience includes advising:

  • Meta (previously Facebook) in various multi-jurisdictional and high-profile data protection regulatory inquiries
  • A global cryptocurrency coin exchange in response to a series of targeted account take-overs and cyberattacks, and in relation to general cyber security resilience, threat triage, and data privacy challenges
  • A multinational enterprise software company in response to major cross-border Lockbit 3.0 supply chain cyberattack and service outage
  • A market leading identity verification and fraud prevention company on investigation by the UK ICO
  • A US-headquartered non-fungible token (NFT) marketplace in response to cyberattack, data theft, and ransom
  • A US-based, industry-leading artificial intelligence developer in connection with regulatory scrutiny and investigation by UK and US law enforcement agencies
  • The UK ICO, on all elements of strategy, investigation, and enforcement flowing from Operation Cederberg*
  • A major Credit Reference Agency in connection with an industry-wide audit of the data-broking sector by the UK ICO*
  • A leading UK/European stock exchange with respect to a cyberattack and incident response arising out of vulnerabilities identified within the systems of a recently acquired subsidiary company and following conclusion of the highly valuable and widely reported acquisition*
  • A global brewery / beverage retail group of companies in relation to a major REvil cyberattack and data breach following deployment of ransomware within the organization*
  • A global Credit Reference Agency with respect to an extremely high volume of Data Subject Access Requests purportedly brought on behalf of individual consumers by a claims management firm (which targets financial services companies and banks)*
  • An international group of laboratories headquartered in Luxembourg with respect to two highly impactful and widely publicized cyberattacks and related data breaches*
  • A multi-billion dollar US-based aerospace industry manufacturer with respect to corporate data theft, including forensic investigation, evidence analysis, suspect interviews, and liaison with data protection regulators and law enforcement agencies*
  • The non-profit wing of a global financial services corporation / payment card scheme in relation to a multi-jurisdictional personal data breach*
  • The UK ICO through an expert panel responding to a citizen-jury report examining the issue of explainability in artificial intelligence / machine learning technologies*
  • An international brewery / beverage company in response to a series of alleged data breaches and connected legal claims*
  • A UK consumer credit company with respect to claims brought for alleged breach of data protection law*
  • A UK City Council with respect to repelling contentious Freedom of Information Act requests which sought to expose sensitive commercial information about a large scale city infrastructure project*

*Matter handled prior to joining Latham 

Bar Qualification

  • England and Wales (Solicitor)


  • LPC (Distinction), University of Law, 2015
  • LLB, University of Manchester, 2012