Stephanie D. Thomas is an associate in the Litigation Department and a member of the firm’s Data Strategy & Security Group and the White Collar & Regulatory Defense Group. Her practice focuses on cybersecurity incident response, including ransomware and cross-border incidents, and related regulatory notifications and inquiries, as well as cybersecurity preparedness, data privacy and strategy, internal investigations, and artificial intelligence. Her recent matters include managing responses to cybersecurity incidents for a range of financial services, insurance, technology, and law firms, as well as advising on AI governance programs and regulatory developments related to critical infrastructure and operational resilience. She regularly writes for the Debevoise Data Blog on a wide range of issues.

Ms. Thomas worked in the London office during 2022. She joined Debevoise in 2019. Ms. Thomas received a J.D. from New York University School of Law in 2019, where she was a member of the Journal of Legislation and Public Policy. She received a B.A. summa cum laude from Bucknell University in 2013.

Ms. Thomas is a member of the New York bar and is also admitted to practice before the U.S. District Court for the Southern District of New York.