                           UNITED STATES DISTRICT COURT
                           FOR THE DISTRICT OF COLUMBIA



 GUO WENGUI,

         Plaintiff,
                v.                                     Civil Action No. 19-3195 (JEB)


 CLARK HILL, PLC, et al.,

         Defendants.


                                 MEMORANDUM OPINION

       This case features an asylum-application process gone awry, accompanied by alleged

professional misconduct, foreign-government cyber hacking, and social-media propaganda

campaigns. After Plaintiff Guo Wengui, a Chinese businessman and prominent political

dissident, retained the services of the law firm Clark Hill, PLC to assist him with an asylum

petition, someone –– whom the parties presume to be associated with the Chinese government ––

hacked into the firm’s computer servers. The hacker thereby gained access to Plaintiff’s

confidential information and then published that information on the Internet. Compounding

Wengui’s problems, the firm withdrew its representation in response to the attack. Plaintiff

asserts that in making his information vulnerable to a targeted hacking and subsequently

withdrawing from the matter, Defendants Clark Hill and its attorney Thomas Ragland are liable

for legal malpractice, breach of fiduciary duty, and breach of contract. Defendants now move to

dismiss all claims.

       To succeed on his tort claims, Wengui must “point to an act (or omission)” that “resulted

in a loss” to him. See Seed Co., Ltd. v. Westerman, 840 F. Supp. 2d 116, 127 (D.D.C. 2012).



                                                1
Plaintiff has successfully pleaded that the alleged mishandling of his information and subsequent

cyber attack resulted in damages. The withdrawal, however, may have added insult, but it did

not add injury. In addition, he cannot establish that the withdrawal breached Defendants’

contractual obligations to him. The Court therefore will dismiss all of Plaintiff’s claims to the

extent they rely on the theory that Defendants’ withdrawal constituted a legally remediable

wrong, but it will permit those claims to go forward that allege misrepresentations surrounding

and mishandling of his confidential information. Finally, it dismisses the demand for punitive

damages, as Plaintiff has not satisfied the high bar necessary for seeking such relief.

I.     Background

       A. Factual Background

       As it must at this juncture, the Court draws the facts from the Complaint. See Sparrow v.

United Air Lines, Inc., 216 F.3d 1111, 1113 (D.C. Cir. 2000). Plaintiff is a “highly successful

businessman” and “well-known Chinese dissident.” ECF No. 1 (Complaint), ¶ 10. While living

in China, he exposed “systemic corruption” and “widespread abuse of human rights” being

perpetrated by the Communist Party of China (CCP), China’s ruling political party. Id., ¶ 15.

These activities naturally caught the attention of the CCP, which allegedly threatened his

livelihood and that of his family in order to put an end to his subversive activities. Id.,

¶¶ 18–19. Fearing further persecution, Plaintiff fled his native country in 2015, and he now

resides in New York. Id., ¶ 10. Wengui’s escape from China has not prevented further

harassment. The Chinese government has, for example, sent emissaries to demonstrate against

him outside of his home as part of a larger “malicious negative propaganda campaign” organized

against him. Id., ¶¶ 23– 24. In response to this cross-continental maltreatment, Plaintiff set

about applying for political asylum in the United States.




                                                  2
       The source of this dispute dates back to Plaintiff’s negotiations with Defendant Thomas

Ragland, an attorney and partner at Defendant Clark Hill, PLC –– a firm comprising about 650

lawyers ––– regarding potential assistance with his asylum petition. Id., ¶¶ 11–12. Hoping to

secure Plaintiff as a client, Ragland assured him that both he and the firm more broadly “were

qualified, capable, and competent to represent plaintiff and to protect his interests fully and

professionally.” Id., ¶ 28. At a subsequent meeting in August 2016, Wengui conveyed to

Ragland and other Clark Hill attorneys “his standing and visibility as a prominent Chinese

political dissident” and “the risks associated with and attendant to plaintiff’s position as a

prominent visible critic of the Chinese regime.” Id., ¶ 31. Plaintiff also “warned of the

persistent and relentless cyber attacks that he and his associates had endured.” Id.

       In further meetings with the firm, Wengui continued to warn Defendants that they should

“expect to be subjected to sophisticated cyber attacks.” Id., ¶ 32. In taking on Plaintiff’s case,

Defendants accordingly agreed to “take special precautions to prevent improper disclosure of

plaintiff’s sensitive confidential information.” Id., ¶ 33. These precautions would include

distinct measures to impede or evade cyber attacks, by, for example, “not placing any of

plaintiff’s information on the firm’s computer server,” as doing so would make the information

more vulnerable to hackings. Id. Relying on the firm’s commitments regarding the protection of

his confidential information, Plaintiff hired Defendants, executing a letter of retention and paying

the firm a retainer fee of $10,000. Id., ¶ 36.

       Unfortunately for all parties involved, Plaintiff’s warnings of a cyber attack, apparently

as unheeded as Cassandra’s, proved prescient. On September 12, 2017, the firm’s computer

system was “hacked” –– again, both parties assume that the hacking was orchestrated by the

Chinese government –– “apparently without great difficulty.” Id., ¶ 41. The hacker obtained a




                                                  3
substantial amount of Plaintiff’s and his spouse’s personal information, such as their passport

identification numbers, as well as Plaintiff’s application for political asylum. Id., ¶ 43. This

information, including the contents of Wengui’s asylum petition, was then published and

disseminated on social media. Id., ¶ 44.

        Following the attack, the parties’ relationship quickly dissolved. On September 19, Clark

Hill’s General Counsel, Edward Hood, informed Plaintiff that the firm was terminating its

involvement with his case. Id., ¶ 49. Hood explained that the attack might require Ragland,

along with other members of the firm, to serve as witnesses at Plaintiff’s asylum proceeding, as

the hacking provided evidence of the political persecution from which Plaintiff sought asylum in

the United States. Id. Hood posited that because the Rules of Professional Conduct bar

attorneys from playing the dual role of witness and advocate, Defendants were required to

withdraw from the matter. Id., ¶¶ 49–50. At the time of that withdrawal, Plaintiff had filed an

asylum application and was awaiting a hearing. Id., ¶ 51.

        B. Procedural History

        On September 19, 2019, Wengui filed this action against Defendants in the Superior

Court of the District of Columbia. Defendants then removed the case to this Court on diversity-

jurisdiction grounds. See ECF No. 1 (Notice of Removal) at 1–2. Plaintiff’s Complaint asserts

four counts: (1) breach of fiduciary duty; (2) breach of contract; (3) legal malpractice; and (4)

punitive damages. See Compl., ¶¶ 66–93. Defendants now move to dismiss all counts,

maintaining that they fail to state plausible claims for relief.

II.     Legal Standard

        Federal Rule of Civil Procedure 12(b)(6) provides for the dismissal of an action where a

complaint fails to “state a claim upon which relief can be granted.” Although “detailed factual




                                                   4
allegations” are not necessary to withstand a Rule 12(b)(6) motion, Bell Atl. Corp. v. Twombly,

550 U.S. 544, 555 (2007), “a complaint must contain sufficient factual matter, accepted as true,

to state a claim to relief that is plausible on its face.” Ashcroft v. Iqbal, 556 U.S. 662, 678 (2009)

(internal quotation omitted).

       In evaluating Defendants’ Motion to Dismiss, the Court must “treat the complaint’s

factual allegations as true and must grant plaintiff ‘the benefit of all inferences that can be

derived from the facts alleged.’” Sparrow, 216 F.3d at 1113 (citation omitted) (quoting Schuler

v. United States, 617 F.2d 605, 608 (D.C. Cir. 1979) (citing Leatherman v. Tarrant Cty.

Narcotics Intelligence & Coordination Unit, 507 U.S. 163, 164 (1993)). The Court need not

accept as true, however, “a legal conclusion couched as a factual allegation” nor an inference

unsupported by the facts set forth in the Complaint. See Trudeau v. FTC, 456 F.3d 178, 193

(D.C. Cir. 2006) (quoting Papasan v. Allain, 478 U.S. 265, 286 (1986)). Finally, even at the

Rule 12(b)(6) stage, a court can review “documents attached as exhibits or incorporated by

reference in the complaint” or “documents upon which the plaintiff’s complaint necessarily

relies.” Ward v. D.C. Dep’t of Youth Rehab. Servs., 768 F. Supp. 2d 117, 119 (D.D.C. 2011)

(internal quotation marks and citations omitted).

III.   Analysis

       In seeking dismissal here, Defendants argue that neither the cyber attack nor the

withdrawal constitutes a ground for a viable claim of legal malpractice, breach of fiduciary duty,

or breach of contract. In particular, they assert that their conduct surrounding these two events

did not breach any duty owed to Plaintiff. They also argue that their actions, even if improper,

did not cause him to suffer any actual damages. The Court will consider the two relevant events




                                                  5
in turn, examining the separate counts in that context, albeit slightly out of sequence.

       A. The Cyber Attack

       As recounted above, the Complaint alleges that: Plaintiff warned Defendants of the risk

of an impending cyber attack; Defendants misrepresented the manner in which they would

protect Plaintiff’s confidential information from such an attack; and Defendants then failed to

protect this information, allowing it to be retrieved and then publicly disseminated by a third-

party hacker. Defendants dispute that they made such representations and argue that, in any

event, the cyber attack did not actually harm Plaintiff. The Court, however, rejects Defendants’

premature attempt to litigate disputed facts at the pleading stage and will deny their Motion to

Dismiss as it pertains to the cyber attack.

                   Breach of Fiduciary Duty

       Count I asserts that Defendants breached various fiduciary duties owed to Plaintiff,

including the duty of good faith, the duty of loyalty, and the duty to protect Plaintiff’s

confidential records. See Compl., ¶ 68. To succeed on a claim of breach of fiduciary duty in the

District of Columbia –– the relevant jurisdiction here ––– Plaintiff must establish “(1) the

existence of a fiduciary duty and (2) a violation of that duty that (3) proximately causes injury.”

Council on Am.-Islamic Relations Action Network, Inc. v. Gaubatz, 82 F. Supp. 3d 344, 353

(D.D.C. 2015) (citing Shapiro, Lifschitz & Schram, P.C. v. Hazard, 24 F. Supp. 2d 66, 75

(D.D.C. 1998)). It is axiomatic that the attorney-client relationship is fiduciary in nature. See

Thomas v. Nat’l Legal Prof’l Assocs., 594 F. Supp. 2d 31, 34 (D.D.C. 2009) (“[T]here is an ever

present fiduciary responsibility that arches over every aspect of the lawyer-client relationship.”)

(quoting Connelly v. Swick & Shapiro, P.C., 749 A.2d 1264, 1268 (D.C. 2000)). Defendants




                                                  6
argue, however, that they did not breach any recognized fiduciary duties owed to Plaintiff and, in

any event, did not cause any actual injury to him.

       First, as to breach of duty, Wengui does not allege, contrary to Defendants’ assertion,

simply that “because there was a cyber incident, Defendants must have put up . . . ‘unreasonable’

security measures.” ECF No. 12 (Def. MTD) at 12. It is true that some courts have gone so far

as to hold that corporations maintain a duty to consumers to “‘protect against a criminal act of a

third person,’ which could include hacking into a private data system, ‘if it is alleged that the

entity had reason to anticipate the criminal act.’” Attias v. CareFirst, Inc., 365 F. Supp. 3d 1, 21

(D.D.C. 2019) (quoting In re Arby’s Restaurant Group Inc., Litig., 2018 WL 2128441, at *5

(N.D. Ga. Mar. 5, 2018)). As a result, those courts have held that if a corporation fails to prevent

a forseeable cyber attack, it thereby breaches fiduciary duties owed its customers. Id. This

Court, however, need not go so far as to find that any corporation’s failure to protect against any

forseeable cyber attack, standing on its own, constitutes a breach of fiduciary duty.

       A fiduciary relationship –– like that between a lawyer and client –– “is founded upon

trust or confidence reposed by one person in the integrity and fidelity of another.” Democracy

Partners v. Project Veritas Action Fund, 285 F. Supp. 3d 109, 121 (D.D.C. 2018) (quoting

Bolton v. Crowley, Hoge, & Fein, P.C., 110 A.3d 575, 584 (D.C. 2015)). The duty of loyalty in

this context “has been described as one of ‘uberrima fides,’ which means, most abundant good

faith, requiring absolute and perfect candor, openness and honesty, and the absence of any

concealment or deception.” Herbin v. Hoeffel, 806 A.2d 186, 197 (D.C. 2002) (emphasis added)

(quotation marks omitted); see also Seed Co., 840 F. Supp. 2d at 126–27 (attorney breaches

fiduciary duties when providing clients with “incorrect and misleading” advice); Herbin, 806

A.2d at 197 (“Disclosure of client confidences is contrary to the fundamental principle that the




                                                  7
attorney owes a fiduciary duty to her client and must serve the client’s interest with the utmost

loyalty and devotion.”) (quotation marks omitted).

       Plaintiff has sufficiently pleaded that Defendants breached their duties of loyalty and

good faith by misrepresenting the manner in which they would protect his confidential

information in order to secure his business. Although they promised to take special precautions,

they placed that information, including his asylum application, on their server and conveyed it

via a firm email account –– in direct contravention of his instructions –– leaving Plaintiff

vulnerable to the precise sort of machinations he had forewarned counsel about. See Compl., ¶¶

2–3, 40–43. He further alleges that the firm breached the applicable duty of care in its treatment

of his information by utilizing security measures that were “inadequate, unreasonable, and fell

woefully far short of [D]efendants’ promises, assurances, obligations, and commitments to

provide adequate security measures.” Id., ¶ 42. Discovery may reveal that Defendants never

made any such misrepresentations to Plaintiff and were not negligent in their handling of his

confidential information, but the well-pleaded allegations in the Complaint preclude granting

Defendants’ Motion to Dismiss.

       Defendants argue in the alternative that even if they misled Plaintiff and were negligent

in handling his confidential information, the cyber attack did not actually cause him any

cognizable harm. Under D.C. law, not surprisingly, a breach of a fiduciary duty requires a

showing of injury or damages. See Headfirst Baseball LLC v. Elwood, 239 F. Supp. 3d 7, 14

(D.D.C. 2017) (canvassing D.C. caselaw); see also Becker v. Colonial Parking, Inc., 409 F.2d

1130, 1136 (D.C. Cir. 1969) (“A simple breach of duty having no causal connection with the

injury, we have admonished, cannot produce legal responsibility.”) (quotation marks omitted).

In arguing that Plaintiff has not made such a showing, Defendants rely on Randolph v. ING Life




                                                 8
Insurance & Annuity Company, 973 A.2d 702 (D.C. 2009), where the District of Columbia

Court of Appeals held that an “increased risk of future identity theft” does not qualify as an

“actionable” injury “required to maintain a suit for common-law breach of fiduciary duty.” Id. at

708.

       Although this case, like Randolph, concerns a data breach, the similarities end there. In

Randolph, an unknown burglar stole a laptop computer owned by the employee of an insurance

company, which contained the plaintiffs’ insurance information, including their names,

addresses, and social-security numbers. Id. at 704. The DCCA reasoned that the plaintiffs had

failed to plead “actual harm” because they had not alleged that the burglar stole the laptop in

order to access their information or that their information had even been accessed since the

laptop was stolen. Id. at 706–08. Instead, they simply alleged “the anticipation of future injury

[identity theft] that has not materialized.” Id. at 708; see also In re Sci. Applications Int’l Corp.

(SAIC) Backup Tape Data Theft Litig., 45 F. Supp. 3d 14, 19 (D.D.C. 2014) (dismissing case

where plaintiffs’ information, along with other items, was allegedly stolen from parked car

because “mere loss of data –– without evidence that it has been either viewed or misused –– does

not constitute an injury sufficient to confer standing”).

       Plaintiff, however, has gone well beyond pleading the anticipation of future injury and

has instead alleged an actual injury resulting from Defendants’ conduct. According to the

Complaint, the Chinese government or someone associated with it hacked Defendants’ server for

the express purpose of stealing Plaintiff’s information. The hacker then “published” the

confidential material, including Plaintiff’s application for political asylum and passport

identification number, on social media. See Compl., ¶¶ 43–44. This chain of events occurred in

the context of a broader propaganda campaign orchestrated by the CCP, one that included




                                                  9
utilizing social-media platforms to spread information about Plaintiff and mobilizing

demonstrators to protest his presence in the United States. Id., ¶¶ 22–24. Wengui therefore does

not “speculate” as to potential uses of the stolen information; it has already been employed as

part of the CCP’s persecution and harassment of him. The Court therefore rejects Defendants’

invitation to find that the cyber attack did not actually harm Plaintiff as a matter of law.

                   Legal Malpractice

       Count III alleges legal malpractice, asserting that Defendants breached their “common

law” and “professional and ethical duties and obligations to plaintiff . . . by failing to use the

required degree of professional care and skill in representing plaintiff,” and in failing to maintain

“reasonable security measures to secure their computer system from unauthorized access, as

required and promised to plaintiff.” Id., ¶¶ 82–85.

       The elements of a legal-malpractice claim are similar to, but slightly distinct from, those

for breach of fiduciary duty. See Hickey v. Scott, 738 F. Supp. 2d 55, 67 (D.D.C. 2010) (quoting

Shapiro, Lifschitz & Schram, 24 F. Supp. 2d at 74). As Justice O’Conner has commented,

“Lawyers are professionals, and as such they have greater obligations.” Zauderer v. Office of

Disciplinary Counsel, 471 U.S. 626, 676 (1985) (O’Connor, J., concurring). To succeed on a

legal-malpractice claim in the District of Columbia, “the plaintiff must show that (1) the

defendant was employed as the plaintiff’s attorney, (2) the defendant breached a reasonable duty,

and (3) that breach resulted in, and was the proximate cause of, the plaintiff’s loss or damages.”

Beach TV Props., Inc. v. Solomon, 306 F. Supp. 3d 70, 93 (D.D.C. 2018) (quoting Martin v.

Ross, 6 A.3d 860, 862 (D.C. 2010)).

       For the reasons recounted above, this count may also proceed as to the cyber attack

because the Complaint identifies a breach of the duty of reasonable care owed by attorneys to




                                                  10
their clients and actual damages. To be sure, attorneys cannot be held “liable for mistakes made

in the honest exercise of professional judgment.” Biomet Inc. v. Finnegan Henderson LLP, 967

A.2d 662, 665 (D.C. 2009). Honest mistakes, however, are a far cry from the conduct alleged

here: misrepresentations made in order to secure a prospective client, the failure to follow

promised procedures to adequately secure confidential information, and damages. See Swann v.

Waldman, 465 A.2d 844, 846 (D.C. 1983) (finding plaintiff’s allegations that attorney lied to

him about attempting to obtain continuance and was negligent in failing to obtain expert witness

sufficient to withstand motion for summary judgment on legal-malpractice claim).

                   Breach of Contract

       Plaintiff also brings a claim for breach of contract in Count II, alleging that the firm

violated its contractual obligation to provide “competent representation” by undertaking a matter

beyond its “professional or technical competence” and “neglecting to undertake reasonable

security measures.” Compl., ¶ 76. “To prevail on a claim of breach of contract, a party must

establish (1) a valid contract between the parties; (2) an obligation or duty arising out of

the contract; (3) a breach of that duty; and (4) damages caused by breach.” United States

Conference of Mayors v. Great-W. Life & Annuity Ins. Co., 327 F. Supp. 3d 125, 129 (D.D.C.

2018), aff’d, 767 F. App’x 18 (D.C. Cir. 2019) (quoting Tsintolas Realty Co. v. Mendez, 984

A.2d 181, 187 (D.C. 2009)). Defendants concede that the parties entered into a valid contract

(in this case, an engagement letter) that set forth their “respective obligations and expectations.”

See Def. MTD at 14. They dispute, however, that Plaintiff has alleged a breach of that contract.

       Accepting the facts in the Complaint as true, Wengui has met his pleading burden –– if

just barely –– of establishing that Defendants did not meet their contractual obligations. In

particular, he alleges that they violated their obligations to provide “competent representation”




                                                 11
and keep Plaintiff “reasonably informed about the status of the matter,” Def. MSJ, Exh. A

(Retainer Agreement) at 2, by misleading him as to the manner in which his information would

be handled in the future, and then by failing to inform him when they eventually placed that

information on their server. For the reasons stated in regard to the prior counts, this claim can

proceed on the basis of failing to safeguard his information, which could amount to incompetent

representation.

       Going forward, however, Plaintiff may need to clarify this count because he appears to be

exploring several different theories as to how Defendants breached the retainer agreement. First,

he seems to be laying the groundwork for the introduction of extrinsic evidence. This evidence

might demonstrate that Defendants orally amended the terms of the contract in making

representations regarding higher-level protection of Plaintiff’s personal information. See Segal

Wholesale, Inc. v. United Drug Serv., 933 A.2d 780, 784 (D.C. 2007) (extrinsic evidence

“consistent with the terms of a partially integrated agreement is permissible”); see also

Stamenich v. Markovic, 462 A.2d 452, 455 (D.C. 1983) (extrinsic evidence permissible to

demonstrate “a contemporaneous agreement in addition to and not inconsistent with or a

variation of the written agreement between the same parties, which was an essential inducement

of the written contract” or where “fraud, mistake, or duress is alleged”).

       Alternatively, Plaintiff also appears to be seeking to demonstrate that Defendants violated

a general obligation to provide competent representation in providing insufficient protection of

client materials. See Compl., ¶ 76. Or, finally, he may be asserting that Defendants breached the

“implied duty of good faith and fair dealing” that D.C. courts have found to be contained within

all contracts, one that prohibits “evad[ing] the spirit of the contract” or “willfully render[ing]

imperfect performance.” Murray v. Wells Fargo Home Mortg., 953 A.2d 308, 321 (D.C. 2008)




                                                  12
(internal quotation marks omitted). Plaintiff will have to choose among these theories, and

provide much more substantial support for them, should he decide to defend this count against

further dispositive motions.

                   Duplicative Nature of Claims

       Finally, the Court rejects Defendants’ argument that the three claims chronicled above

are necessarily “duplicative” of one other and thus that only one can proceed past the pleading

stage. Under D.C. law, when a plaintiff’s breach-of-fiduciary-duty claim rests on the same

factual allegations and requests the same relief as his professional-malpractice claim, a court “as

a matter of judicial economy, should dismiss” one of the claims as duplicative. See N. Am.

Catholic Educ. Programming Found., Inc. v. Womble, Carlyle, Sandridge & Rice, PLLC, 887 F.

Supp. 2d 78, 84 (D.D.C. 2012) (collecting cases). The same holds true for tort claims that arise

out of the same factual circumstances as a breach-of-contract claim. See Attias, 365 F. Supp. 3d

at 18 (“Under D.C. law, for a plaintiff to recover in tort for conduct that also constitutes a breach

of contract, ‘the tort must exist in its own right independent of the contract, and any duty upon

which the tort is based must flow from considerations other than the contractual relationship.’”)

(quoting Choharis v. State Farm Fire & Cas. Co., 961 A.2d 1080, 1089 (D.C. 2008)).

       Down the line, Plaintiff may indeed have to choose among his three common-law claims.

At this early stage, however, it would be premature to dismiss any of the three as duplicative,

given the fact-dependent nature of such an inquiry. While the counts all relate to the cyber attack

generally, they may be predicated on distinct wrongs surrounding the attack. Defendants’

conduct may have, for example, violated a Rule of Professional Responsibility –– potentially

creating liability for legal malpractice –– which does not necessarily give rise to a breach of

fiduciary duty. See, e.g., Hickey, 738 F. Supp. 2d at 67–68 (finding fee-related fiduciary-duty




                                                 13
claim distinct from legal-malpractice claim concerning breach of Rule of Professional

Responsibility in dispute over fees).

       Finally, considerations of judicial economy do not weigh in favor of dismissal of any

claims here. Allowing all three to proceed will not expand the scope of the case or potential

avenues of discovery. At this juncture, therefore, the Court will decline Defendants’ invitation to

narrow Plaintiff’s potential theories of relief. In sum, the Court will deny Defendants’ Motion to

Dismiss Counts I, II, and III to the extent that they rely on the theft of his personal information

via cyber attack and Defendants’ misrepresentations relating to protections from that attack.

       B. The Withdrawal

       By contrast, Defendants’ withdrawal from Plaintiff’s asylum process –– or, as Plaintiff

labels the incident, their “firing” of him –– does not provide grounds for a viable legal claim. As

described above, Defendants terminated their representation of Wengui following the cyber

attack. They explained in a letter to him that the attack had created “several ethical

complications” related to their representation. See ECF No. 12-5 (Clark Hill Termination Letter)

at 1. Defendants’ “primary concern” was that “the cyberattack would require Mr. Ragland ––

and possibly other members of the Firm –– to be a witness in [Plaintiff’s] asylum proceeding”

because they now had first-hand knowledge of China’s prior persecution of Plaintiff, a factor

relevant to that proceeding. Id.

       In their Motion to Dismiss, Defendants argue that not only did their withdrawal not

breach any duty owed to Wengui, but that it was in fact required by the Rules of Professional

Conduct. See D.C. R. Prof. Conduct 1.16(a)(1) (D.C. Bar 2010) (attorney must withdraw from

representing client if ongoing representation would violate Rule of Professional Conduct).

Defendants again rely on Rule of Professional Conduct 3.7(a), which states that an attorney




                                                 14
“shall not” act as an advocate for a client when she is “likely to be a necessary witness” in the

proceeding. They also invoke Rule 1.7(b)(4), which requires withdrawal if the lawyer’s ability

to represent a client “reasonably may be adversely affected by the lawyer’s responsibilities to or

interests in a third party or the lawyer’s own financial, business, property, or personal interests.”

Defendants explain that following the cyber attack, they had their “own interests in investigating

and mitigating the incident –– which conflicted with their representation of Plaintiff.” Def. MTD

at 8.

        Regarding Rule 3.7(a), Plaintiff counters that Defendants’ withdrawal was premature at

best, given that Wengui “did not have an asylum interview, let alone any hearing” and “had not

asked that Mr. Ragland be a witness.” ECF No. 14 (Pl. Opp.) at 8. Additionally, Plaintiff argues

that Rule 1.7(b)(4) raises “inherently factual issues” as to whether the cyber attack created a

conflict of interest, issues that cannot be resolved at this stage. Id. at 21.

        The Court need not settle these disputes because Wengui’s fiduciary and malpractice

claims run aground on a different shoal. Plaintiff has not sufficiently pled that Defendants’

conduct, even if improper, damaged or prejudiced him. Both of these claims require a showing

of damage or loss. See, e.g., Seed Co., 840 F. Supp. 2d at 126 (plaintiff bringing malpractice

claim “must point to an act (or omission) by the . . . [D]efendants that resulted in a loss” to him);

Randolph, 973 A.2d at 708–09 (same regarding breach of fiduciary duty). As one court in this

district described the applicable test when considering legal malpractice, the claim “does not

accrue until the plaintiff-client has sustained some injury from the malpractice[,]’ and the ‘mere

breach of a professional duty, causing only nominal damages, speculative harm, or the threat of

future harm — not yet realized — does not suffice to create a cause of action for negligence.’”




                                                   15
Venable LLP v. Overseas Lease Grp., Inc., 2015 WL 4555372, at *2 (D.D.C. July 28, 2015)

(quoting Knight v. Furlow, 553 A.2d 1232, 1235 (D.C. 1989)).

       Plaintiff’s claims predicated on the withdrawal do not plead damages that rise above the

“speculative” or “nominal” level. Wengui does not dispute, for example, that at the time of

Defendants’ withdrawal, his asylum application had already been filed and he was awaiting an

initial interview, which can take years to schedule. See Def. MTD at 20. He also does not claim

to have experienced difficulties in finding a successor counsel with immigration-law expertise.

As a result, Wengui has failed to factually substantiate his conclusory allegations that

Defendants’ withdrawal caused him “undue delay and complications,” reputational harm, and

prejudiced the outcome of his case. See Compl., ¶ 60; see also Hinton v. Stein, 278 F. Supp. 2d

27, 33 (D.D.C. 2003) (rejecting legal-malpractice claim where “[a]lthough there was a brief

attorney-client relationship between the parties, defendant was justified in seeking to withdraw[,]

. . . [h]er motion to withdraw was filed promptly[,] and there is no indication that plaintiff

suffered any injury as a result of her withdrawal”). Put differently, the Complaint does not allege

that Plaintiff “suffered any injury because of Defendant[s’] failure to represent him,” and the

Court will therefore dismiss his fiduciary-duty and malpractice claims to the extent that they rely

on the withdrawal as the purported harm. Id.

       Plaintiff’s breach-of-contract claim based on the withdrawal is somewhat different, but

also merits dismissal. A party may prevail on such a claim even if he “fails to prove actual

damages,” although he will be “entitled to no more than nominal damages.” Wright v. Howard

Univ., 60 A.3d 749, 753 (D.C. 2013) (quoting Bedell v. Inver Housing Inc., 506 A.2d 202, 205

(D.C. 1986)). With regard to the withdrawal, however, Plaintiff has failed to even gesture at

provisions of the contract that Defendants breached in terminating their representation or at




                                                 16
extrinsic evidence that might support such a claim. See Retainer Agreement at 2, 4 (attorney

may terminate agreement for reasons permitted under Rules of Professional Conduct or if any

conflict of interest arises).

        C. Punitive Damages

        The Court last tackles Count IV, which asserts a claim of punitive damages. Specifically,

the Complaint alleges that Defendants violated Plaintiff’s “rights” in an “intentional deliberate,

[and] outrageous” manner. See Compl., ¶ 90. To begin, punitive damages are a form of relief,

not a stand-alone cause of action. Although the count cannot survive independently, the Court

considers whether such damages are available to Wengui at all. “To recover punitive damages,”

a plaintiff must establish that “the tortious act was committed with ‘an evil motive, actual malice,

deliberate violence or oppression’ or in support of ‘outrageous conduct in willful disregard of

another's rights.’” Embassy of Nigeria v. Ugwuonye, 297 F.R.D. 4, 14 (D.D.C. 2013) (quoting

Robinson v. Sarisky, 535 A.2d 901, 906 (D.C. 1988)). The imposition of punitive damages thus

requires conduct that is “replete with malice.” See Dalo v. Kivitz, 596 A.2d 35, 40 (D.C. 1991);

see also Hendry v. Pelland, 73 F.3d 397, 400 (D.C. Cir. 1996) (“District of Columbia law

allows punitive damages only if the attorney acted with fraud, ill will, recklessness, wantonness,

oppressiveness, or willful disregard of the clients’ rights.”).

        The Complaint does not plead such “outrageous” activity. Instead, if true, Wengui’s

allegations suggest that Defendants’ failure to protect his information against hacking may mean

that the firm acted “imprudently or incompetently, but they fall far short of showing the blatant

wrongdoing necessary for a jury to infer that [Defendants] acted either with deliberate malice or

conscious disregard of [their client’s] rights.” Hendry, 73 F.3d at 400; see also Embassy of

Nigeria, 297 F.R.D. at 14 (rejecting punitive-damages claim where attorney stole client’s tax




                                                  17
refund and deposited it in firm’s account). Plaintiff does not allege, for example, that Defendants

intentionally left their server vulnerable to third-party hackings or stood to profit from such an

event in any way. The Court therefore dismisses Count IV of the Complaint.

IV.    Conclusion

       For the foregoing reasons, the Court will grant in part and deny in part Defendants’

Motion to Dismiss. A separate Order consistent with this Opinion will be issued this day.




                                                              /s/ James E. Boasberg
                                                              JAMES E. BOASBERG
                                                              United States District Judge
Date: February 20, 2020




                                                 18
