Sami Qureshi is an associate in the Privacy & Cyber Practice of the Litigation & Trial Department of Latham & Watkins’ London office.

Mr. Qureshi has advised many of the world’s leading companies on their most challenging, complex, and impactful cyber incidents and data privacy disputes. He regularly advises clients on:

  • Cyber incident response, forensic investigation, negotiation, and disaster recovery 
  • Data breach response 
  • Regulatory inquiries, enforcement defense and appeals
  • Data privacy disputes and litigation

Mr. Qureshi has substantial experience working with the UK Information Commissioner’s Office (UK ICO), including acting as legal counsel to the Commissioner on Operation Cederberg – the largest investigation of its kind – which involved investigating the activity of numerous entities and individuals including Cambridge Analytica, Aggregate IQ, Global Science Research, global social media companies, and several UK/US-based political parties, with respect to suspected data misuse in the context of political campaigns.

Mr. Qureshi’s experience with the UK ICO includes designing and developing the Enforcement/Investigation Team’s operational processes and procedures.

Mr. Qureshi's experience includes advising:

  • Meta (formerly Facebook) in connection with various multi-jurisdictional and high-profile data breaches and data protection regulatory inquiries, including (amongst other major inquiries) advising on a regulatory inquiry and associated litigation in relation to data transfers from the European Union to the United States following the CJEU’s decision in Schrems II
  • A global cryptocurrency coin exchange in relation to various global cyber security and data privacy challenges, tactical hardening of security posture, and response to a series of targeted account take-overs, identity and financial fraud, and cyberattacks
  • A global group of industry-leading restaurant brands and franchises with crisis response and related regulatory and litigation issues arising in connection with a serious ransomware attack impacting multiple geographies and causing significant systems down-time
  • A multinational enterprise software company in response to a major cross-border LockBit 3.0 supply chain cyberattack and service outage
  • A market-leading identity verification and fraud prevention company on compulsory investigation by the UK ICO following an industry-wide appraisal of the "data broking" sector
  • A US-headquartered non-fungible token (NFT) marketplace in response to a cyberattack, data theft, and ransom demand
  • A US-based, industry-leading artificial intelligence developer in connection with regulatory scrutiny and investigation by UK and US law enforcement agencies following complaints of bias and inappropriate content in language response generation
  • The UK ICO on all elements of strategy, investigation, and enforcement flowing from Operation Cederberg*
  • A major Credit Reference Agency in connection with an industry-wide audit of the data-broking sector by the UK ICO*
  • The UK ICO by providing written submissions and attending an expert panel advising on the issue of “explainability” in artificial intelligence / deep learning / machine learning technologies and supporting the ICO’s drafting of regulatory guidance on these issues*
  • A leading UK/European stock exchange with respect to a cyberattack and incident response arising out of vulnerabilities identified within the systems of a recently acquired subsidiary company and following conclusion of the highly valuable and widely reported acquisition*
  • A global brewery / beverage retail group of companies in relation to a major REvil cyberattack and data breach following deployment of ransomware within the organization*
  • A global credit reference agency with respect to an extremely high volume of data subject access requests purportedly brought on behalf of individual consumers by a claims management firm (which targets financial services companies and banks)*
  • An international group of laboratories headquartered in Luxembourg with respect to two highly impactful and widely publicized cyberattacks and related data breaches*
  • A multi-billion dollar US-based aerospace industry manufacturer with respect to corporate data theft, including forensic investigation, evidence analysis, suspect interviews, and liaison with data protection regulators and law enforcement agencies*

*Matter handled prior to joining Latham 

Bar Qualification

  • England and Wales (Solicitor)

Education

  • LPC (Distinction), University of Law, 2015
  • LLB, University of Manchester, 2012