By William D. Slicker
Theft today is rampant. Hacking goes on all the time. There is a hacking attack about every 39 seconds.[1] In the United States alone, there are roughly 2,000 cyber attacks each day.[2] Microsoft sees an average of 50 million password attacks each day and blocks over 82 million malicious emails per day.[3] One report counted 1,732 successful data breaches in 2025.[4] One analysis saw ransomware attacks surge 126% in 2025 over 2024[5].
So one day a potential client may come to you seeking counsel for a lawsuit and they may have the “smoking gun” emails. The emails look like treasure. But if the potential client obtained the emails by hacking or other theft, the emails are trash.
In Staton Techiya, LLC v. Samsung Electronics Co., LTD, a party acting as Staton Teciya’s agent improperly acquired Samsung’s privileged information both before and during the case through two attorneys who had previously worked for Samsung.[6] One of the attorneys denied having the crucial document until he heard a criminal prosecutor play an audio recording of him discussing the document.[7] Staton Techiya failed to see a conflict of interest and did no inquiry into how the attorney obtained the crucial document.[8] The court held that Staton Techiya’s pre-litigation conduct in surreptitiously acquiring the opposing party’s privileged or confidential information constituted bad faith misconduct that gave Staton Techiya “unclean hands” which warranted dismissal of Staton Techiya’s case with prejudice.[9]
In Jackson v. Microsoft Corp., shortly before leaving his employment with Microsoft, Mr. Jackson either stole or purchased from another employee two compact discs containing about 10,000 email messages.[10] The emails contained significant amounts of privileged and other sensitive information regarding trade secrets.[11] Mr. Jackson gave at least three different versions as to how he got the CDs.[12] The court found that Mr. Jackson’s actions had prejudiced Microsoft and the court dismissed Mr. Jackson’s case.[13]
In Mayorga v. Ronaldo, Der Spiegel, a German newspaper published a series of articles based on data it was given by “Football Leaks”, a website purporting to expose corruption by the World’s Soccer Teams, players, and officials.[14] The article alleged that player Cristiano Ronaldo had paid Kathryn Mayorga $375,000 in exchange for, among other things, that Mayorga would not pursue criminal charges against Ronaldo for sexual assault.[15] The article made it clear that its source included confidential internal communications between Ronaldo and his attorneys.[16] Mayorga later filed a civil litigation against Ronaldo and unknown “fixers” who coerced her into the earlier settlement.[17] Ronaldo moved to dismiss the case on the basis that the hacked documents were used to craft the complaint.[18] Mayorga responded that they were not the ones who had misappropriated the documents.[19] The court found that Mayorga’s counsel crossed an ethical line when he used the hacked documents. The court wrote that the good news was that few lawyers stoop to that level. The bad news was that there was precedent to hold that counsel’s conduct constituted bad faith.[20] The court stated that the use of the hacked documents irretrievably prejudiced Ronaldo, and the court dismissed Mayorga’s complaint with prejudice.[21]
In Xyngular Corp v. Schenkel, Mr. Schenkel, who was a shareholder of Xyngular Corp, secretly obtained documents from Ian Swan, who was an IT consultant providing services to Xyngular Corp.[22] After collecting these documents over a year, Mr. Schenkel sued Xyngular Corp and alleged that the other shareholders were siphoning off profits into hidden offshore accounts.[23] The court found that Mr. Schenkel’s pre litigation surreptitious procurement of the documents constituted bad faith conduct that caused actual prejudice to Xyngular Corp and therefore the court dismissed Mr. Schenkel’s claims with prejudice.[24]
The lesson from the cases is that if a potential client comes to you with a treasure trove of documents to base a claim on, you better be able to show that the potential client obtained these documents legally. Otherwise, if you file the case and it gets dismissed for being based on stolen documents, you will be the one telling a Florida Bar investigator why you filed a lawsuit based on stolen documents.
[1] Deepstrike, How Many Cyberattacks Happen Every Day in 2025? Dec 15. 2025 https://deepstrike.io/blog/how-many-cyberattacks-happen-every-day
[2] Supra
[3] Supra
[4] Supra
[5] Supra
[6] Staton Techiya, LLC. v. Samsung Electronics Co. Ltd., 742 F. Supp 3d 602 (E.D. Tex 2024)
[7] Supra
[8] Supra
[9] Supra
[10] Jackson v. Microsoft Corp., 211 F.R.D. 423 (W.D. Wash. 2002), affirmed 78 F. App’x 588 (9th Cir. 2003)
[11] Supra.
[12] Supra.
[13] Supra.
[14] Mayorga v. Ronaldo, 606 F. Supp. 3d 1003 (D. Nev. 2022).
[15] Supra.
[16] Supra.
[17] Supra.
[18] Supra.
[19] Supra.
[20] Supra.
[21] Supra.
[22] Xyngular Corp v. Schenkel, 200 F. Supp. 3d 1273 (D. Utah 2016), affirmed, 890 F. 3d 868 (10th Cir. 2018)
[23] Supra.
[24] Supra.
