I'm in favor of the work done by the security researchers, and the defense offered by the EFF. However, your first comment was such a surface-level understanding, and I wanted to bring it back to reality.
The general form of such a "legal threat" (threat relating to the law) is perfectly reasonable, normal, and legal (as in, conforming to the law). It's a standard part of practicing law.
However, in this specific case, they do appear to have broken one professional rule, regarding the threat of criminal prosecution conditional on a civil demand.
Aside from that one professional rule, the Fizz/Buzz letter was probably perfectly technically accurate. Whether the DA would take up the case, I doubt, but that's up to their discretion/advice from the DoJ, not based on the legal code.
I think Fizz/Buzz were incredibly foolish to send such a letter, as the researchers were essentially good samaritans being punished for their good deed (probably only because customers don't like it when supposedly professional organizations are found to be in need of such basic good deeds from good samaritans, and Fizz/Buzz would rather punish the good samaritans instead of "suffering" the "embarrassment" of public knowledge).