Wengui v. Clark Hill Plc ( 2020 )

                           UNITED STATES DISTRICT COURT
FOR THE DISTRICT OF COLUMBIA
GUO WENGUI,
Plaintiff,
v.                                     Civil Action No. 19-3195 (JEB)
CLARK HILL, PLC, et al.,
Defendants.
MEMORANDUM OPINION
This case features an asylum-application process gone awry, accompanied by alleged
professional misconduct, foreign-government cyber hacking, and social-media propaganda
campaigns. After Plaintiff Guo Wengui, a Chinese businessman and prominent political
dissident, retained the services of the law firm Clark Hill, PLC to assist him with an asylum
petition, someone –– whom the parties presume to be associated with the Chinese government ––
hacked into the firm’s computer servers. The hacker thereby gained access to Plaintiff’s
confidential information and then published that information on the Internet. Compounding
Wengui’s problems, the firm withdrew its representation in response to the attack. Plaintiff
asserts that in making his information vulnerable to a targeted hacking and subsequently
withdrawing from the matter, Defendants Clark Hill and its attorney Thomas Ragland are liable
for legal malpractice, breach of fiduciary duty, and breach of contract. Defendants now move to
dismiss all claims.
To succeed on his tort claims, Wengui must “point to an act (or omission)” that “resulted
in a loss” to him. See Seed Co., Ltd. v. Westerman, 

, 127 (D.D.C. 2012).
1
Plaintiff has successfully pleaded that the alleged mishandling of his information and subsequent
cyber attack resulted in damages. The withdrawal, however, may have added insult, but it did
not add injury. In addition, he cannot establish that the withdrawal breached Defendants’
contractual obligations to him. The Court therefore will dismiss all of Plaintiff’s claims to the
extent they rely on the theory that Defendants’ withdrawal constituted a legally remediable
wrong, but it will permit those claims to go forward that allege misrepresentations surrounding
and mishandling of his confidential information. Finally, it dismisses the demand for punitive
damages, as Plaintiff has not satisfied the high bar necessary for seeking such relief.
I.     Background
A. Factual Background
As it must at this juncture, the Court draws the facts from the Complaint. See Sparrow v.
United Air Lines, Inc., 

, 1113 (D.C. Cir. 2000). Plaintiff is a “highly successful
businessman” and “well-known Chinese dissident.” ECF No. 1 (Complaint), ¶ 10. While living
in China, he exposed “systemic corruption” and “widespread abuse of human rights” being
perpetrated by the Communist Party of China (CCP), China’s ruling political party. 

These activities naturally caught the attention of the CCP, which allegedly threatened his
livelihood and that of his family in order to put an end to his subversive activities. 

Fearing further persecution, Plaintiff fled his native country in 2015, and he now
resides in New York. 

Wengui’s escape from China has not prevented further
harassment. The Chinese government has, for example, sent emissaries to demonstrate against
him outside of his home as part of a larger “malicious negative propaganda campaign” organized
against him. 

24. In response to this cross-continental maltreatment, Plaintiff set
about applying for political asylum in the United States.
2
The source of this dispute dates back to Plaintiff’s negotiations with Defendant Thomas
Ragland, an attorney and partner at Defendant Clark Hill, PLC –– a firm comprising about 650
lawyers ––– regarding potential assistance with his asylum petition. 

Hoping to
secure Plaintiff as a client, Ragland assured him that both he and the firm more broadly “were
qualified, capable, and competent to represent plaintiff and to protect his interests fully and
professionally.” 

At a subsequent meeting in August 2016, Wengui conveyed to
Ragland and other Clark Hill attorneys “his standing and visibility as a prominent Chinese
political dissident” and “the risks associated with and attendant to plaintiff’s position as a
prominent visible critic of the Chinese regime.” 

Plaintiff also “warned of the
persistent and relentless cyber attacks that he and his associates had endured.” 

meetings with the firm, Wengui continued to warn Defendants that they should
“expect to be subjected to sophisticated cyber attacks.” 

In taking on Plaintiff’s case,
Defendants accordingly agreed to “take special precautions to prevent improper disclosure of
plaintiff’s sensitive confidential information.” 

These precautions would include
distinct measures to impede or evade cyber attacks, by, for example, “not placing any of
plaintiff’s information on the firm’s computer server,” as doing so would make the information
more vulnerable to hackings. 

the firm’s commitments regarding the protection of
his confidential information, Plaintiff hired Defendants, executing a letter of retention and paying
the firm a retainer fee of $10,000. 

Unfortunately for all parties involved, Plaintiff’s warnings of a cyber attack, apparently
as unheeded as Cassandra’s, proved prescient. On September 12, 2017, the firm’s computer
system was “hacked” –– again, both parties assume that the hacking was orchestrated by the
Chinese government –– “apparently without great difficulty.” 

The hacker obtained a
3
substantial amount of Plaintiff’s and his spouse’s personal information, such as their passport
identification numbers, as well as Plaintiff’s application for political asylum. 

This
information, including the contents of Wengui’s asylum petition, was then published and
disseminated on social media. 

Following the attack, the parties’ relationship quickly dissolved. On September 19, Clark
Hill’s General Counsel, Edward Hood, informed Plaintiff that the firm was terminating its
involvement with his case. 

Hood explained that the attack might require Ragland,
along with other members of the firm, to serve as witnesses at Plaintiff’s asylum proceeding, as
the hacking provided evidence of the political persecution from which Plaintiff sought asylum in
the United States. 

that because the Rules of Professional Conduct bar
attorneys from playing the dual role of witness and advocate, Defendants were required to
withdraw from the matter. 

At the time of that withdrawal, Plaintiff had filed an
asylum application and was awaiting a hearing. 

B. Procedural History
On September 19, 2019, Wengui filed this action against Defendants in the Superior
Court of the District of Columbia. Defendants then removed the case to this Court on diversity-
jurisdiction grounds. See ECF No. 1 (Notice of Removal) at 1–2. Plaintiff’s Complaint asserts
four counts: (1) breach of fiduciary duty; (2) breach of contract; (3) legal malpractice; and (4)
punitive damages. See Compl., ¶¶ 66–93. Defendants now move to dismiss all counts,
maintaining that they fail to state plausible claims for relief.
II.     Legal Standard
Federal Rule of Civil Procedure 12(b)(6) provides for the dismissal of an action where a
complaint fails to “state a claim upon which relief can be granted.” Although “detailed factual
4
allegations” are not necessary to withstand a Rule 12(b)(6) motion, Bell Atl. Corp. v. Twombly,

, 555 (2007), “a complaint must contain sufficient factual matter, accepted as true,
to state a claim to relief that is plausible on its face.” Ashcroft v. Iqbal, 

, 678 (2009)
(internal quotation omitted).
In evaluating Defendants’ Motion to Dismiss, the Court must “treat the complaint’s
factual allegations as true and must grant plaintiff ‘the benefit of all inferences that can be
derived from the facts alleged.’” 

(citation omitted) (quoting Schuler
v. United States, 

, 608 (D.C. Cir. 1979) (citing Leatherman v. Tarrant Cty.
Narcotics Intelligence & Coordination Unit, 

, 164 (1993)). The Court need not
accept as true, however, “a legal conclusion couched as a factual allegation” nor an inference
unsupported by the facts set forth in the Complaint. See Trudeau v. FTC, 

, 193
(D.C. Cir. 2006) (quoting Papasan v. Allain, 

, 286 (1986)). Finally, even at the
Rule 12(b)(6) stage, a court can review “documents attached as exhibits or incorporated by
reference in the complaint” or “documents upon which the plaintiff’s complaint necessarily
relies.” Ward v. D.C. Dep’t of Youth Rehab. Servs., 

, 119 (D.D.C. 2011)
(internal quotation marks and citations omitted).
III.   Analysis
In seeking dismissal here, Defendants argue that neither the cyber attack nor the
withdrawal constitutes a ground for a viable claim of legal malpractice, breach of fiduciary duty,
or breach of contract. In particular, they assert that their conduct surrounding these two events
did not breach any duty owed to Plaintiff. They also argue that their actions, even if improper,
did not cause him to suffer any actual damages. The Court will consider the two relevant events
5
in turn, examining the separate counts in that context, albeit slightly out of sequence.
A. The Cyber Attack
As recounted above, the Complaint alleges that: Plaintiff warned Defendants of the risk
of an impending cyber attack; Defendants misrepresented the manner in which they would
protect Plaintiff’s confidential information from such an attack; and Defendants then failed to
protect this information, allowing it to be retrieved and then publicly disseminated by a third-
party hacker. Defendants dispute that they made such representations and argue that, in any
event, the cyber attack did not actually harm Plaintiff. The Court, however, rejects Defendants’
premature attempt to litigate disputed facts at the pleading stage and will deny their Motion to
Dismiss as it pertains to the cyber attack.
Breach of Fiduciary Duty
Count I asserts that Defendants breached various fiduciary duties owed to Plaintiff,
including the duty of good faith, the duty of loyalty, and the duty to protect Plaintiff’s
confidential records. See Compl., ¶ 68. To succeed on a claim of breach of fiduciary duty in the
District of Columbia –– the relevant jurisdiction here ––– Plaintiff must establish “(1) the
existence of a fiduciary duty and (2) a violation of that duty that (3) proximately causes injury.”
Council on Am.-Islamic Relations Action Network, Inc. v. Gaubatz, 

, 353
(D.D.C. 2015) (citing Shapiro, Lifschitz & Schram, P.C. v. Hazard, 

, 75
(D.D.C. 1998)). It is axiomatic that the attorney-client relationship is fiduciary in nature. See
Thomas v. Nat’l Legal Prof’l Assocs., 

, 34 (D.D.C. 2009) (“[T]here is an ever
present fiduciary responsibility that arches over every aspect of the lawyer-client relationship.”)
(quoting Connelly v. Swick & Shapiro, P.C., 

, 1268 (D.C. 2000)). Defendants
6
argue, however, that they did not breach any recognized fiduciary duties owed to Plaintiff and, in
any event, did not cause any actual injury to him.
First, as to breach of duty, Wengui does not allege, contrary to Defendants’ assertion,
simply that “because there was a cyber incident, Defendants must have put up . . . ‘unreasonable’
security measures.” ECF No. 12 (Def. MTD) at 12. It is true that some courts have gone so far
as to hold that corporations maintain a duty to consumers to “‘protect against a criminal act of a
third person,’ which could include hacking into a private data system, ‘if it is alleged that the
entity had reason to anticipate the criminal act.’” Attias v. CareFirst, Inc., 

, 21
(D.D.C. 2019) (quoting In re Arby’s Restaurant Group Inc., Litig., 

, at *5
(N.D. Ga. Mar. 5, 2018)). As a result, those courts have held that if a corporation fails to prevent
a forseeable cyber attack, it thereby breaches fiduciary duties owed its customers. 

however, need not go so far as to find that any corporation’s failure to protect against any
forseeable cyber attack, standing on its own, constitutes a breach of fiduciary duty.
A fiduciary relationship –– like that between a lawyer and client –– “is founded upon
trust or confidence reposed by one person in the integrity and fidelity of another.” Democracy
Partners v. Project Veritas Action Fund, 

, 121 (D.D.C. 2018) (quoting
Bolton v. Crowley, Hoge, & Fein, P.C., 

, 584 (D.C. 2015)). The duty of loyalty in
this context “has been described as one of ‘uberrima fides,’ which means, most abundant good
faith, requiring absolute and perfect candor, openness and honesty, and the absence of any
concealment or deception.” Herbin v. Hoeffel, 

, 197 (D.C. 2002) (emphasis added)
(quotation marks omitted); see also Seed 

–27 (attorney breaches
fiduciary duties when providing clients with “incorrect and misleading” advice); 

(“Disclosure of client confidences is contrary to the fundamental principle that the
7
attorney owes a fiduciary duty to her client and must serve the client’s interest with the utmost
loyalty and devotion.”) (quotation marks omitted).
Plaintiff has sufficiently pleaded that Defendants breached their duties of loyalty and
good faith by misrepresenting the manner in which they would protect his confidential
information in order to secure his business. Although they promised to take special precautions,
they placed that information, including his asylum application, on their server and conveyed it
via a firm email account –– in direct contravention of his instructions –– leaving Plaintiff
vulnerable to the precise sort of machinations he had forewarned counsel about. See Compl., ¶¶
2–3, 40–43. He further alleges that the firm breached the applicable duty of care in its treatment
of his information by utilizing security measures that were “inadequate, unreasonable, and fell
woefully far short of [D]efendants’ promises, assurances, obligations, and commitments to
provide adequate security measures.” 

Discovery may reveal that Defendants never
made any such misrepresentations to Plaintiff and were not negligent in their handling of his
confidential information, but the well-pleaded allegations in the Complaint preclude granting
Defendants’ Motion to Dismiss.
Defendants argue in the alternative that even if they misled Plaintiff and were negligent
in handling his confidential information, the cyber attack did not actually cause him any
cognizable harm. Under D.C. law, not surprisingly, a breach of a fiduciary duty requires a
showing of injury or damages. See Headfirst Baseball LLC v. Elwood, 

, 14
(D.D.C. 2017) (canvassing D.C. caselaw); see also Becker v. Colonial Parking, Inc., 

, 1136 (D.C. Cir. 1969) (“A simple breach of duty having no causal connection with the
injury, we have admonished, cannot produce legal responsibility.”) (quotation marks omitted).
In arguing that Plaintiff has not made such a showing, Defendants rely on Randolph v. ING Life
8
Insurance & Annuity Company, 

(D.C. 2009), where the District of Columbia
Court of Appeals held that an “increased risk of future identity theft” does not qualify as an
“actionable” injury “required to maintain a suit for common-law breach of fiduciary duty.” 

Although this case, like Randolph, concerns a data breach, the similarities end there. In
Randolph, an unknown burglar stole a laptop computer owned by the employee of an insurance
company, which contained the plaintiffs’ insurance information, including their names,
addresses, and social-security numbers. 

The DCCA reasoned that the plaintiffs had
failed to plead “actual harm” because they had not alleged that the burglar stole the laptop in
order to access their information or that their information had even been accessed since the
laptop was stolen. 

Instead, they simply alleged “the anticipation of future injury
[identity theft] that has not materialized.” 

see also In re Sci. Applications Int’l Corp.
(SAIC) Backup Tape Data Theft Litig., 

, 19 (D.D.C. 2014) (dismissing case
where plaintiffs’ information, along with other items, was allegedly stolen from parked car
because “mere loss of data –– without evidence that it has been either viewed or misused –– does
not constitute an injury sufficient to confer standing”).
Plaintiff, however, has gone well beyond pleading the anticipation of future injury and
has instead alleged an actual injury resulting from Defendants’ conduct. According to the
Complaint, the Chinese government or someone associated with it hacked Defendants’ server for
the express purpose of stealing Plaintiff’s information. The hacker then “published” the
confidential material, including Plaintiff’s application for political asylum and passport
identification number, on social media. See Compl., ¶¶ 43–44. This chain of events occurred in
the context of a broader propaganda campaign orchestrated by the CCP, one that included
9
utilizing social-media platforms to spread information about Plaintiff and mobilizing
demonstrators to protest his presence in the United States. 

Wengui therefore does
not “speculate” as to potential uses of the stolen information; it has already been employed as
part of the CCP’s persecution and harassment of him. The Court therefore rejects Defendants’
invitation to find that the cyber attack did not actually harm Plaintiff as a matter of law.
Legal Malpractice
Count III alleges legal malpractice, asserting that Defendants breached their “common
law” and “professional and ethical duties and obligations to plaintiff . . . by failing to use the
required degree of professional care and skill in representing plaintiff,” and in failing to maintain
“reasonable security measures to secure their computer system from unauthorized access, as
required and promised to plaintiff.” 

The elements of a legal-malpractice claim are similar to, but slightly distinct from, those
for breach of fiduciary duty. See Hickey v. Scott, 

, 67 (D.D.C. 2010) (quoting
Shapiro, Lifschitz & 

). As Justice O’Conner has commented,
“Lawyers are professionals, and as such they have greater obligations.” Zauderer v. Office of
Disciplinary Counsel, 

, 676 (1985) (O’Connor, J., concurring). To succeed on a
legal-malpractice claim in the District of Columbia, “the plaintiff must show that (1) the
defendant was employed as the plaintiff’s attorney, (2) the defendant breached a reasonable duty,
and (3) that breach resulted in, and was the proximate cause of, the plaintiff’s loss or damages.”
Beach TV Props., Inc. v. Solomon, 

, 93 (D.D.C. 2018) (quoting Martin v.
Ross, 

, 862 (D.C. 2010)).
For the reasons recounted above, this count may also proceed as to the cyber attack
because the Complaint identifies a breach of the duty of reasonable care owed by attorneys to
10
their clients and actual damages. To be sure, attorneys cannot be held “liable for mistakes made
in the honest exercise of professional judgment.” Biomet Inc. v. Finnegan Henderson LLP, 

, 665 (D.C. 2009). Honest mistakes, however, are a far cry from the conduct alleged
here: misrepresentations made in order to secure a prospective client, the failure to follow
promised procedures to adequately secure confidential information, and damages. See Swann v.
Waldman, 

, 846 (D.C. 1983) (finding plaintiff’s allegations that attorney lied to
him about attempting to obtain continuance and was negligent in failing to obtain expert witness
sufficient to withstand motion for summary judgment on legal-malpractice claim).
Breach of Contract
Plaintiff also brings a claim for breach of contract in Count II, alleging that the firm
violated its contractual obligation to provide “competent representation” by undertaking a matter
beyond its “professional or technical competence” and “neglecting to undertake reasonable
security measures.” Compl., ¶ 76. “To prevail on a claim of breach of contract, a party must
establish (1) a valid contract between the parties; (2) an obligation or duty arising out of
the contract; (3) a breach of that duty; and (4) damages caused by breach.” United States
Conference of Mayors v. Great-W. Life & Annuity Ins. Co., 

, 129 (D.D.C.
2018), aff’d, 767 F. App’x 18 (D.C. Cir. 2019) (quoting Tsintolas Realty Co. v. Mendez, 

, 187 (D.C. 2009)). Defendants concede that the parties entered into a valid contract
(in this case, an engagement letter) that set forth their “respective obligations and expectations.”
See Def. MTD at 14. They dispute, however, that Plaintiff has alleged a breach of that contract.
Accepting the facts in the Complaint as true, Wengui has met his pleading burden –– if
just barely –– of establishing that Defendants did not meet their contractual obligations. In
particular, he alleges that they violated their obligations to provide “competent representation”
11
and keep Plaintiff “reasonably informed about the status of the matter,” Def. MSJ, Exh. A
(Retainer Agreement) at 2, by misleading him as to the manner in which his information would
be handled in the future, and then by failing to inform him when they eventually placed that
information on their server. For the reasons stated in regard to the prior counts, this claim can
proceed on the basis of failing to safeguard his information, which could amount to incompetent
representation.
Going forward, however, Plaintiff may need to clarify this count because he appears to be
exploring several different theories as to how Defendants breached the retainer agreement. First,
he seems to be laying the groundwork for the introduction of extrinsic evidence. This evidence
might demonstrate that Defendants orally amended the terms of the contract in making
representations regarding higher-level protection of Plaintiff’s personal information. See Segal
Wholesale, Inc. v. United Drug Serv., 

, 784 (D.C. 2007) (extrinsic evidence
“consistent with the terms of a partially integrated agreement is permissible”); see also
Stamenich v. Markovic, 

, 455 (D.C. 1983) (extrinsic evidence permissible to
demonstrate “a contemporaneous agreement in addition to and not inconsistent with or a
variation of the written agreement between the same parties, which was an essential inducement
of the written contract” or where “fraud, mistake, or duress is alleged”).
Alternatively, Plaintiff also appears to be seeking to demonstrate that Defendants violated
a general obligation to provide competent representation in providing insufficient protection of
client materials. See Compl., ¶ 76. Or, finally, he may be asserting that Defendants breached the
“implied duty of good faith and fair dealing” that D.C. courts have found to be contained within
all contracts, one that prohibits “evad[ing] the spirit of the contract” or “willfully render[ing]
imperfect performance.” Murray v. Wells Fargo Home Mortg., 

, 321 (D.C. 2008)
12
(internal quotation marks omitted). Plaintiff will have to choose among these theories, and
provide much more substantial support for them, should he decide to defend this count against
further dispositive motions.
Duplicative Nature of Claims
Finally, the Court rejects Defendants’ argument that the three claims chronicled above
are necessarily “duplicative” of one other and thus that only one can proceed past the pleading
stage. Under D.C. law, when a plaintiff’s breach-of-fiduciary-duty claim rests on the same
factual allegations and requests the same relief as his professional-malpractice claim, a court “as
a matter of judicial economy, should dismiss” one of the claims as duplicative. See N. Am.
Catholic Educ. Programming Found., Inc. v. Womble, Carlyle, Sandridge & Rice, PLLC, 887 F.
Supp. 2d 78, 84 (D.D.C. 2012) (collecting cases). The same holds true for tort claims that arise
out of the same factual circumstances as a breach-of-contract claim. See 

(“Under D.C. law, for a plaintiff to recover in tort for conduct that also constitutes a breach
of contract, ‘the tort must exist in its own right independent of the contract, and any duty upon
which the tort is based must flow from considerations other than the contractual relationship.’”)
(quoting Choharis v. State Farm Fire & Cas. Co., 

, 1089 (D.C. 2008)).
Down the line, Plaintiff may indeed have to choose among his three common-law claims.
At this early stage, however, it would be premature to dismiss any of the three as duplicative,
given the fact-dependent nature of such an inquiry. While the counts all relate to the cyber attack
generally, they may be predicated on distinct wrongs surrounding the attack. Defendants’
conduct may have, for example, violated a Rule of Professional Responsibility –– potentially
creating liability for legal malpractice –– which does not necessarily give rise to a breach of
fiduciary duty. See, e.g., 

–68 (finding fee-related fiduciary-duty
13
claim distinct from legal-malpractice claim concerning breach of Rule of Professional
Responsibility in dispute over fees).
Finally, considerations of judicial economy do not weigh in favor of dismissal of any
claims here. Allowing all three to proceed will not expand the scope of the case or potential
avenues of discovery. At this juncture, therefore, the Court will decline Defendants’ invitation to
narrow Plaintiff’s potential theories of relief. In sum, the Court will deny Defendants’ Motion to
Dismiss Counts I, II, and III to the extent that they rely on the theft of his personal information
via cyber attack and Defendants’ misrepresentations relating to protections from that attack.
B. The Withdrawal
By contrast, Defendants’ withdrawal from Plaintiff’s asylum process –– or, as Plaintiff
labels the incident, their “firing” of him –– does not provide grounds for a viable legal claim. As
described above, Defendants terminated their representation of Wengui following the cyber
attack. They explained in a letter to him that the attack had created “several ethical
complications” related to their representation. See ECF No. 12-5 (Clark Hill Termination Letter)
at 1. Defendants’ “primary concern” was that “the cyberattack would require Mr. Ragland ––
and possibly other members of the Firm –– to be a witness in [Plaintiff’s] asylum proceeding”
because they now had first-hand knowledge of China’s prior persecution of Plaintiff, a factor
relevant to that proceeding. 

Motion to Dismiss, Defendants argue that not only did their withdrawal not
breach any duty owed to Wengui, but that it was in fact required by the Rules of Professional
Conduct. See D.C. R. Prof. Conduct 1.16(a)(1) (D.C. Bar 2010) (attorney must withdraw from
representing client if ongoing representation would violate Rule of Professional Conduct).
Defendants again rely on Rule of Professional Conduct 3.7(a), which states that an attorney
14
“shall not” act as an advocate for a client when she is “likely to be a necessary witness” in the
proceeding. They also invoke Rule 1.7(b)(4), which requires withdrawal if the lawyer’s ability
to represent a client “reasonably may be adversely affected by the lawyer’s responsibilities to or
interests in a third party or the lawyer’s own financial, business, property, or personal interests.”
Defendants explain that following the cyber attack, they had their “own interests in investigating
and mitigating the incident –– which conflicted with their representation of Plaintiff.” Def. MTD
at 8.
Regarding Rule 3.7(a), Plaintiff counters that Defendants’ withdrawal was premature at
best, given that Wengui “did not have an asylum interview, let alone any hearing” and “had not
asked that Mr. Ragland be a witness.” ECF No. 14 (Pl. Opp.) at 8. Additionally, Plaintiff argues
that Rule 1.7(b)(4) raises “inherently factual issues” as to whether the cyber attack created a
conflict of interest, issues that cannot be resolved at this stage. 

The Court need not settle these disputes because Wengui’s fiduciary and malpractice
claims run aground on a different shoal. Plaintiff has not sufficiently pled that Defendants’
conduct, even if improper, damaged or prejudiced him. Both of these claims require a showing
of damage or loss. See, e.g., Seed 

(plaintiff bringing malpractice
claim “must point to an act (or omission) by the . . . [D]efendants that resulted in a loss” to him);

–09 (same regarding breach of fiduciary duty). As one court in this
district described the applicable test when considering legal malpractice, the claim “does not
accrue until the plaintiff-client has sustained some injury from the malpractice[,]’ and the ‘mere
breach of a professional duty, causing only nominal damages, speculative harm, or the threat of
future harm — not yet realized — does not suffice to create a cause of action for negligence.’”
15
Venable LLP v. Overseas Lease Grp., Inc., 

, at *2 (D.D.C. July 28, 2015)
(quoting Knight v. Furlow, 

, 1235 (D.C. 1989)).
Plaintiff’s claims predicated on the withdrawal do not plead damages that rise above the
“speculative” or “nominal” level. Wengui does not dispute, for example, that at the time of
Defendants’ withdrawal, his asylum application had already been filed and he was awaiting an
initial interview, which can take years to schedule. See Def. MTD at 20. He also does not claim
to have experienced difficulties in finding a successor counsel with immigration-law expertise.
As a result, Wengui has failed to factually substantiate his conclusory allegations that
Defendants’ withdrawal caused him “undue delay and complications,” reputational harm, and
prejudiced the outcome of his case. See Compl., ¶ 60; see also Hinton v. Stein, 

, 33 (D.D.C. 2003) (rejecting legal-malpractice claim where “[a]lthough there was a brief
attorney-client relationship between the parties, defendant was justified in seeking to withdraw[,]
. . . [h]er motion to withdraw was filed promptly[,] and there is no indication that plaintiff
suffered any injury as a result of her withdrawal”). Put differently, the Complaint does not allege
that Plaintiff “suffered any injury because of Defendant[s’] failure to represent him,” and the
Court will therefore dismiss his fiduciary-duty and malpractice claims to the extent that they rely
on the withdrawal as the purported harm. 

claim based on the withdrawal is somewhat different, but
also merits dismissal. A party may prevail on such a claim even if he “fails to prove actual
damages,” although he will be “entitled to no more than nominal damages.” Wright v. Howard
Univ., 

, 753 (D.C. 2013) (quoting Bedell v. Inver Housing Inc., 

, 205
(D.C. 1986)). With regard to the withdrawal, however, Plaintiff has failed to even gesture at
provisions of the contract that Defendants breached in terminating their representation or at
16
extrinsic evidence that might support such a claim. See Retainer Agreement at 2, 4 (attorney
may terminate agreement for reasons permitted under Rules of Professional Conduct or if any
conflict of interest arises).
C. Punitive Damages
The Court last tackles Count IV, which asserts a claim of punitive damages. Specifically,
the Complaint alleges that Defendants violated Plaintiff’s “rights” in an “intentional deliberate,
[and] outrageous” manner. See Compl., ¶ 90. To begin, punitive damages are a form of relief,
not a stand-alone cause of action. Although the count cannot survive independently, the Court
considers whether such damages are available to Wengui at all. “To recover punitive damages,”
a plaintiff must establish that “the tortious act was committed with ‘an evil motive, actual malice,
deliberate violence or oppression’ or in support of ‘outrageous conduct in willful disregard of
another's rights.’” Embassy of Nigeria v. Ugwuonye, 

, 14 (D.D.C. 2013) (quoting
Robinson v. Sarisky, 

, 906 (D.C. 1988)). The imposition of punitive damages thus
requires conduct that is “replete with malice.” See Dalo v. Kivitz, 

, 40 (D.C. 1991);
see also Hendry v. Pelland, 

, 400 (D.C. Cir. 1996) (“District of Columbia law
allows punitive damages only if the attorney acted with fraud, ill will, recklessness, wantonness,
oppressiveness, or willful disregard of the clients’ rights.”).
The Complaint does not plead such “outrageous” activity. Instead, if true, Wengui’s
allegations suggest that Defendants’ failure to protect his information against hacking may mean
that the firm acted “imprudently or incompetently, but they fall far short of showing the blatant
wrongdoing necessary for a jury to infer that [Defendants] acted either with deliberate malice or
conscious disregard of [their client’s] rights.” 

; see also Embassy of

(rejecting punitive-damages claim where attorney stole client’s tax
17
refund and deposited it in firm’s account). Plaintiff does not allege, for example, that Defendants
intentionally left their server vulnerable to third-party hackings or stood to profit from such an
event in any way. The Court therefore dismisses Count IV of the Complaint.
IV.    Conclusion
For the foregoing reasons, the Court will grant in part and deny in part Defendants’
Motion to Dismiss. A separate Order consistent with this Opinion will be issued this day.
/s/ James E. Boasberg
JAMES E. BOASBERG
United States District Judge
Date: February 20, 2020
18