On January 3, 2025, the Department of the Treasury’s Office of Foreign Assets Control (“OFAC”) announced sanctions on a Chinese-based cybersecurity company, Integrity Technology Group, Inc. (“Integrity Tech”). These sanctions were in response to Integrity Tech’s “role in multiple computer intrusion incidents against U.S. victims.” The incidents have been attributed to Flax Typhoon, a Chinese […]
New York Amends Data Breach Notification Law with Immediate Implications
In late December 2024, the New York Governor signed two bills (S2659B and S2376B) amending the state’s data breach notification law (N.Y. Gen. Bus. Law § 899-aa), to expand the definition of reportable personal information and impose new covered entity reporting obligations in the event of a data breach. Effective immediately, companies will have 30 […]
Department of Homeland Security Releases Recommended Framework for AI in Critical Infrastructure
On November 14, 2024, the Department of Homeland Security (“DHS”) announced a set of voluntary recommendations called the “Roles and Responsibilities Framework for Artificial Intelligence in Critical Infrastructure” (“Framework”). Recognizing the severe consequences associated with disruption to the nation’s critical infrastructure, DHS released the framework to address certain risks associated with the use of AI […]
CISA, FBI, NSA, and International Partners Issue Joint Cybersecurity Advisory for Top Routinely Exploited Vulnerabilities in 2023
On November 12, 2024, the Cybersecurity and Infrastructure Security Agency (“CISA”), the Federal Bureau of Investigation (“FBI”), National Security Agency (“NSA”) and certain international partners (including the Australian Signals Directorate’s Australian Cyber Security Centre, Canadian Centre for Cyber Security, New Zealand National Cyber Security Centre and New Zealand Computer Emergency Response Team, and the United […]
Congressional Research Service Report Sheds Light on October Telecommunications Attack by PRC-Linked Threat Actor
In early October 2025, several media outlets reported that United States telecommunications services had been infiltrated by state affiliated threat actors linked to the People’s Republic of China (“PRC”). These reports were followed by a joint press release on October 25, 2024 by the Federal Bureau of Investigation (“FBI”) and the Cybersecurity and Infrastructure Security […]