David Balser of King & Spalding. David Balser of King & Spalding.

Capital One has turned to King & Spalding’s David Balser to represent the financial institution in nearly 40 class actions brought over a data breach announced last month.

Balser, a partner in Atlanta, is a prominent expert in cybersecurity: He represented Equifax Inc. in 250 lawsuits and government regulatory actions brought over a 2017 breach that settled last month for $1.4 billion. The suits against Capital One, brought in federal courts in nine states and the District of Columbia, allege the financial institution failed to secure its customer data. The breach compromised the personal information, including Social Security numbers, of 100 million customers in the United States and 6 million in Canada.

On Monday, Balser filed a notice of appearance for Capital One Bank (USA) Inc. before the U.S. Judicial Panel on Multidistrict Litigation. He declined to comment, and a Capital One spokesperson did not respond to a request for comment.

Two San Francisco attorneys, Tyler Newby and Michael Rhodes, appeared for additional defendants Amazon Web Services and GitHub Inc., respectively. Newby, co-chairman of the privacy and cybersecurity practice at Fenwick & West, did not respond to a request for comment, and Rhodes, global chairman of Cooley’s cyber/data/privacy and internet practice groups, declined to comment.

Capital One announced the breach July 29, about two weeks after company officials claim they discovered the cyberattack. Capital One said it expected up to $150 million in costs because of the breach, including charges for legal support, and had $400 million in insurance coverage.

➤➤ What does legalized marijuana mean for your practice? Check out Law.com’s special report on cannabis.

Plaintiffs’ attorneys have competing requests pending to coordinate the Capital One litigation before a single judge. One request, filed by Cari Laufenberg of Keller Rohrback in Seattle, is for the Western District of Washington, where the alleged hacker, Paige Thompson, faces federal criminal charges. The other, filed by Linda Nussbaum of Nussbaum Law Group in New York, seeks a transfer to the District of Columbia, near Capital One’s headquarters in McLean, Virginia. The motion specifically references U.S. District Judge James Boasberg of the District of Columbia, who is overseeing many of the D.C. cases.

Plaintiffs attorneys W. Lewis Garrison of Birmingham, Alabama’s Heninger, Garrison & Davis, and Morgan & Morgan’s John Yanchunis, in Tampa, Florida, filed papers supporting an alternative venue, the Eastern District of Virginia, specifically suggesting Anthony Trenga, Leonie Brinkema or Liam O’Grady as preferred judges to manage the litigation in Alexandria, Virginia.

In addition to the class actions, New York Attorney General Letitia James also has launched an investigation of the Capital One breach.

Balser stepped into the Capital One case on the heels of the Equifax litigation. To represent Equifax, Balser teamed with Phyllis Sumner, King & Spalding’s chief privacy officer, who leads the firm’s data, privacy and security practice. Equifax, a credit-reporting agency, suffered a breach that compromised the personal information of 147 million of its customers. Balser negotiated a settlement, which includes $1 billion on cybersecurity measures and a $380.5 million fund for customers, after failing to dismiss the lawsuits. The deal has faced some controversy after a big claims turnout threatened $125 checks to individual class members.

Balser isn’t just known for data privacy. He also has represented the children of the late Coca-Cola Co. CEO Roberto Goizueta in a trust battle and defends law firms in professional negligence lawsuits, such as a $33 million case against Womble Carlyle Sandridge & Rice, now  Womble Bond Dickinson.

At least four Capital One lawsuits named an additional defendant, Amazon Web Services, where Thompson previously worked, and where the hacked data was stored on a cloud-based system. Amazon Web Services’ lawyer, Newby, is chairman of the American Bar Association litigation section’s privacy and data security committee and is on the ABA’s cybersecurity legal task force.

GitHub, owned by Microsoft Corp., is a software development site on which Thompson posted about her hack of the data. Its lawyer, Rhodes, defends several prominent high tech companies, like Google and Facebook, in privacy matters, as well as class actions and intellectual property lawsuits.