Kim Peretti

About Kim Peretti

A former DOJ cybercrime prosecutor and former director of PwC's cyber forensics group, Kim delivers top of the line cyber risk management and information security counsel to her clients. As co-leader of our Privacy, Cyber & Data Strategy Team, Kim is recognized by select publications and is frequently quoted by the media.

[Read Bio]

United States, International Coalition Issue Joint Warning of Increasing PRC Backed Threat Activity

September 10, 2025 By Kim Peretti, Lance Taubin and Andrew Rice

On August 27, 2025, the Cybersecurity and Infrastructure Security Agency (CISA), in coordination with the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), and the United States Department of Defense Cyber Crime Center (DC3) issued a joint advisory (Advisory) highlighting increased cyber threat activity linked to People’s Republic of China (PRC) affiliated threat […]

CISA GIVES ITSELF AN EXTENSION FOR CYBER INCIDENT REPORTING RULES

September 10, 2025 By Kim Peretti and Scott Hilsen

The Cybersecurity and Infrastructure Security Agency (CISA) has extended the deadline for it to issue final rules about mandatory incident reporting for critical infrastructure entities. The original deadline of October 2025 was pushed by six months to May 2026. Under the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA), passed in 2022, critical infrastructure entities […]

Rhode Island’s New Cybersecurity Law for Nonbank Financial Institutions

August 22, 2025 By Kim Peretti, Alysa Austin, Ashley Miller and Lance Taubin

Rhode Island has enacted Senate Bill 603 (SB603), effective July 2, 2025, establishing a comprehensive cybersecurity framework for nonbank financial institutions licensed by the state’s Department of Business Regulation (DBR). Although SB603 is closely modeled after the New York Department of Financial Services’ (NYDFS) Cybersecurity Regulation, 23 NYCRR Part 500 (Part 500), SB603 introduces several […]

DOJ Settles Cyber Qui Tam Action Against Illumina for Allegedly Unsecured Genomic Sequencing Products

August 15, 2025 By Kim Peretti, Andrew Liebler, Lance Taubin, Samantha Skolnick and Andrew Rice

On July 31, 2025, the United States Department of Justice (DOJ) announced a $9.8 million settlement with Illumina, Inc. (Illumina) to resolve alleged False Claims Act (FCA) violations related to cybersecurity vulnerabilities and shortcomings in its genomic sequencing products. Of the total settlement, $1.9 million will be paid to the qui tam whistleblower who brought […]

CISA and FBI Joint Update on Scattered Spider: Evolving Threats and Mitigation Guidance

August 11, 2025 By Kim Peretti and Alysa Austin

The Cybersecurity & Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and international partners issued an updated advisory on July 29, 2025, highlighting the evolving tactics, techniques, and procedures (TPPs) of the cybercriminal group Scattered Spider. First identified in 2023, this group is notorious for targeting large enterprises and their contracted IT help desks, […]