Kim Peretti

About Kim Peretti

A former DOJ cybercrime prosecutor and former director of PwC's cyber forensics group, Kim delivers top of the line cyber risk management and information security counsel to her clients. As co-leader of our Privacy, Cyber & Data Strategy Team, Kim is recognized by select publications and is frequently quoted by the media.

[Read Bio]

Microsoft Announces Two New On-Premises SharePoint Vulnerabilities

July 30, 2025 By Jennifer Everett, Kim Peretti and Carson Kuck

Introduction On July 19, 2025, Microsoft announced two new vulnerabilities that are actively being exploited (CVE-2025-49704 and CVE-2025-49706) and that relate to on-premises Microsoft SharePoint instances that are exposed to the internet. CVE-2025-49704 is a remote code execution (RCE) vulnerability, which allows an attacker to run malicious code on a target system. CVE-2025-49706 is […]

Inside the SK Telecom Data Breach: What Happened and What Companies Can Learn

July 15, 2025 By Hanna Hewitt and Kim Peretti

In April 2025, SK Telecom—South Korea’s largest mobile carrier—formally notified regulators of a significant data breach that compromised sensitive SIM card data belonging to nearly 27 million users. Following an investigation, the Ministry of Science and ICT and the Korea Internet & Security Agency (KISA) concluded in July 2025 that SK Telecom was negligent in […]

New York Department of Health Issues Urgent Cybersecurity Warning Following U.S. Strikes on Iranian Nuclear Facilities

July 14, 2025 By Kim Peretti, Kate Hanniford, Angela Burnette, Jennifer Pike and Andrew Rice

The New York State Department of Health has issued an urgent cybersecurity advisory (the Advisory) warning of increased threat levels and a higher likelihood of cybersecurity attacks from Iranian state-backed actors following U.S. military strikes on the Fordow, Natanz, and Isfahan nuclear facilities in Iran. The Advisory warns that “intelligence sources indicate a high likelihood […]

NYDFS Issues Guidance on Heightened Cybersecurity and Sanctions Risk from Global Conflict

June 27, 2025 By Kim Peretti and Zain Haq

Overview On June 23, 2025, the New York State Department of Financial Services (“NYDFS”) issued an industry letter encouraging all regulated entities to review their cybersecurity and sanctions compliance programs in light of heightened geopolitical tensions. The letter, titled “Impact of Global Conflict on Cybersecurity and Sanctions Risk,” emphasizes the elevated risk environment and reaffirms […]

Are You Ready For The Department Of Justice’s Bulk Data Transfer Rule?

June 23, 2025 By Kim Peretti, Daniel Felz and Scott Hilsen

On July 8, 2025, the Department of Justice (“DOJ”) is set to lift its self-imposed pause on enforcing certain violations of its Rule Preventing Access to US Sensitive Personal Data and Government-Related Data by Countries of Concern or Covered Persons (the “Bulk Data Rule” or “DOJ Rule”), 28 CFR Part 202. The Bulk Data Rule, […]