Blank Rome partner engaged in 'secretive spying' by accessing private computer files at ex-firm, suit alleges
A New York law firm has filed a lawsuit alleging that the former chief of its finance practice engaged in a pattern of “disloyal and improper conduct” that included a “secretive spying and cyberstalking campaign” against two firm leaders before he left the firm to become a partner at Blank Rome.
The Otterbourg firm filed the Nov. 7 suit in New York’s trial-level supreme court against Blank Rome partner James Cretella. It alleges that his improper conduct at Otterbourg included exploiting the firm’s computer systems to access private files belonging to Otterbourg chairman Richard L. Stehl and firm president Richard G. Haddad.
“The data shows hundreds of deliberate intrusions—often in the dead of night—targeting files that (as their titles plainly revealed) had nothing to do with firm business,” the suit says.
According to the suit, accessed files included home security system codes and login credentials for live camera feeds inside and outside the Stehl family residence, personal tax returns, private financial statements, Social Security-linked password files, communications concerning private family matters, confidential medical records of a close family member, vacation itineraries and home renovation plans.
The suit also contends that Cretella “covertly viewed confidential board of directors emails regarding partner compensation, personnel disputes and internal management strategies.”
Despite the cyberstalking allegation, the suit does not allege that Cretella used the information to intimidate or harass Stehl and Haddad.
The suit against Cretella follows a June suit filed by Otterbourg and Stehl against another former partner who joined Blank Rome, Ikhwan A. Rafeek. That suit alleges that Rafeek “repeatedly and systematically” accessed private computer files belonging to Stehl to pry into his life and that of his family. Attorneys’ personal files were unintentionally made accessible following a system upgrade, the suit says.
Rather than reporting the vulnerability, the suit says, “Rafeek deliberately exploited it.” The suit also claims that Rafeek learned of Cretella’s planned exit and did not inform Otterbourg.
Instead, the Rafeek suit says, Cretella and Rafeek “coordinated a schedule of client meetings and dinners across the country—events nominally held in Otterbourg’s name that were supposed to be for the benefit of the firm. But, in reality, Rafeek and Cretella orchestrated the events to facilitate client relations for their own future firm.”
Rafeek submitted reimbursement requests totaling more than $38,000 for two of the events in late 2024, the suit against him says.
Cretella did not immediately respond to the ABA Journal’s request for comment.
He maintains, however, in an affidavit filed in a separate federal suit that he sometimes came across personal files when conducting searches for work-related reasons. The personal files could be seen by him or other Otterbourg attorneys by using a “preview” function, which he often used to find the work documents that he wanted, according to the affidavit and a motion filed in the federal suit.
In a second affidavit in the federal suit, Cretella says Stehl told him that his security company confirmed that neither Cretella nor anyone else had accessed his home security network.
Rafeek did not immediately respond to the Journal’s request for comment.
A July 18 motion to dismiss says Otterbourg filed a “baseless lawsuit” with “bogus claims” in an “attempt to punish Rafeek vindictively” for deciding to leave the firm. There are no facts supporting the allegation that client meetings were unrelated to firm business and no facts showing that any client was improperly solicited, the dismissal motion says.
The state court suit against Cretella included additional allegations that he gave confidential pricing data and “strategic trade information” to Blank Rome and failed to disclose his intent to leave, so that he could collect a “substantial seven-figure discretionary bonus.”
The suit also says Cretella misused firm phones and firm-paid travel to exchange text messages with an escort known as “Goddess Kat” and to connect with other women.
“He misrepresented the expenses incurred in pursuit of his personal dalliances as legitimate firm expenses,” the suit says.
The suit alleges breach of contract, breach of fiduciary duty, fraudulent concealment and unjust enrichment.
A Blank Rome spokesperson did not immediately respond to the Journal’s request for comment.
Cretella’s affidavits were submitted in a separate suit filed against him by Stehl and Haddad in the U.S. District Court for the District of Connecticut, where Cretella’s home is located.
The federal suit, filed in March and amended the next month, alleges that Cretella engaged in a “relentless and calculated invasion of privacy” through “unlawful access to plaintiffs’ most sensitive and confidential files.”
“The extent of this cyberstalking is not just disturbing; it is outrageous,” according to the federal suit. “Cretella did not merely stumble upon private information; he hunted for it, exploited security controls, and repeatedly trespassed into the most personal and private aspects of plaintiffs’ lives.”
The federal suit suggests that a potential motivation for Cretella’s alleged conduct was “to obtain leverage should his reckless and high-risk lifestyle come under scrutiny.”
The federal suit alleges intrusion upon seclusion and seeks punitive damages.
In a May 7 motion to dismiss the federal suit, lawyers for Cretella allege that the plaintiffs lack standing because any injury was “self-inflicted.”
“Although plaintiffs try to hide behind irrelevant allegations about how Otterbourg’s computer system was intended to operate, the complaint confirms a simple fact fatal to plaintiffs’ standing: Using firm-provided credentials, Cretella and other attorneys searched the firm’s computer network and viewed the results of those searches, which allegedly included files plaintiffs saved to the firm-wide network. The only plausible conclusion is that plaintiffs failed to take any measures to prevent their files from being accessed through routine, firmwide network searches.”
Stehl and Haddad saved files on the network in such a way that they could be seen simply by “previewing” the files, rather than opening them by using credentials Otterbourg provided, the dismissal motion says.
“Indeed, despite the firm’s investigation and analysis of Cretella’s electronics,” the motion says, “plaintiffs do not offer any factual allegations about how Cretella ‘exploited security controls’ or what ‘forensic evasion tactics’ he allegedly used.”
Nor is there any allegation that Cretella saved, copied or disseminated the documents other than allegedly discussing one email with an unnamed attorney, the motion says. And there is no allegation that Cretella used the information against Stehl and Haddad, according to the motion.
An allegation that Cretella may have accessed the documents for leverage is “wild speculation,” the dismissal motion says. Although the initial federal complaint mentioned the “Goddess Kat” allegations that are also in the state court suit, they are no longer in the amended federal suit.
Cretella’s lawyer, H. Christopher Bartolomucci, told the Journal that “contested allegations” were removed in the amended complaint after he provided a draft Rule 11 motion of the Federal Rules of Civil Procedure to the plaintiffs.
The dismissal motion also argues that New York law applies because it concerns files located in New York, and the state does not recognize the tort of intrusion of seclusion. If Connecticut law applies, the plaintiffs failed to state a claim for intrusion upon seclusion, the dismissal motion says.
“There can be no such expectation for files left accessible on a firmwide network,” the dismissal motion says.
In the dismissal motion affidavit, Cretella says Stehl and Haddad could have restricted access to their folders, but they failed to do so.
Like other attorneys, Cretella says in the affidavit, he often previewed search results on the network when searching for work-related documents because that is quicker. One of his jobs at the firm was to prepare applications for insurance policies, which required him to submit contracts for contract partners, financial statements and board of directors minutes. Stehl was aware that Cretella accessed such information, according to the affidavit.
An audit conducted about a year before the federal suit was filed showed that personal files had been accessed by Cretella and others, leading to a change in which attorneys’ individual folders would be accessible only to the individual attorney, the affidavit says.
Stehl learned of the audit and at first threatened to “ruin” Cretella, according to the affidavit. But after others told Stehl that there was no coordinated effort to read his personal documents, “our working relationship continued just as it had been before,” the affidavit says.
“Facts and circumstances convince me that my decision to leave Otterbourg, and not any grand privacy-related injury that plaintiffs now claim, brought on this lawsuit,” Cretella says in the affidavit.
Hat tip to Law.com, which reported on the suits.
Write a letter to the editor, share a story tip or update, or report an error.
