Caroline Brackeen

Senior Counsel
Norton Rose Fulbright US LLP

Houston
United States
T:+1 713 651 5686
Houston
United States
T:+1 713 651 5686
Caroline Brackeen

Caroline Brackeen

LinkedIn vCard

Biography

Caroline Brackeen focuses on incident response preparation, response to data security incidents and advising on subsequent regulatory inquiries. She has handled a broad range of data security incidents, including business email compromise, ransomware attacks, payment card incidents, e-commerce attacks and advanced persistent threat (APT) group attacks. She guides clients through all stages of the incident response process, helping clients navigate complex forensic investigations and regulatory requirements. Her vast client base has included clothing retailers, grocery chains, multi-brand hospitality groups, restaurant chains, energy services, midstream oil and gas companies, educational institutions, nonprofit organizations and religious organizations. Additionally, she has earned the designation of Certified Information Privacy Professional through the International Association of Privacy Professionals.

Caroline is admitted to the Texas State Bar, Southern District of Texas and the Western District of Texas. 


Professional experience

Expand all Collapse all

JD, cum laude, South Texas College of Law, 2012
BBA, Economics, Baylor University, 2007

  • Texas State Bar
  • Represented a religious non-profit organization in connection with an advanced persistent threat group attack into its network, including coordinating the forensic investigation into their systems, communication with their employees, donors, and members, coordinating with law enforcement, updating and advising the governing body, and developing and implementing a containment strategy. 
  • Represented a large regional grocery chain in connection with a payment card incident involving store adjacent services like fuel pumps, coffee shops, and restaurants, including coordinating the forensic investigation, Payment Card Industry Forensic Investigation, communications strategy, public notifications, and regulatory inquires.
  • Represented an international electronics manufacturer in a sophisticated ransomware attack impacting domestic operations, including coordinating the forensic investigation, developing internal and external communication plans, coordinating with law enforcement, and developing a containment and remediation strategy.
  • Represented an outdoor sports retailer in connection with a e-commerce incident where the threat actor captured payment and order information for online orders, including coordinating the forensic investigation, drafting internal communications, developing public notification strategy, and handling regulatory inquires.
  • Represented energy services provider in connection with a business email compromise spurning from a phishing email, including coordinating the forensic investigation, identifying weaknesses in the security protocols, developing a legal notification strategy, and resolving regulatory inquiries.
  • Represented a curriculum online retailer in connection with an e-commerce incident where the threat actors captured payment information, incuding coordinating the forensic investigation, identifying the involved customers, developing a communication strategy, and assisting with card network inquiries.
  • Represented international, multi-brand dining, hospitality, gaming and entertainment organization in connection with a payment card incident, including coordinating the forensic investigation, advising on card network rules, Payment Card Industry Investigation, coordinating with numerous law enforcement agencies, developing and implementing a broad communications plan, and resolving regulatory inquiries. 
  • Co-author, "Data Security Incident Response and Attorneys' Obligations" 46th Annual Ernest E. Smith Oil, Gas and Mineral Law Institute, UT CLE, March 27, 2020
  • Speaker, "Cybercrime and Cybersecurity," 2020 Cybercrime, Data Protection and Transnational Cooperation, International Law Institute, December 7, 2020
  • Presenter, "Data Security Incident Response and Attorneys' Obligations" 46th Annual Ernest E. Smith Oil, Gas and Mineral Law Institute, UT CLE, March 27, 2020
  • United Way Young Leaders
  • International Association of Privacy Professionals
  • Houston Bar Association
  • InfraGuard Houston Alliance