Search Results for: ransomware

Rhode Island’s New Cybersecurity Law for Nonbank Financial Institutions

August 22, 2025 By Kim Peretti, Alysa Austin, Ashley Miller and Lance Taubin

Rhode Island has enacted Senate Bill 603 (SB603), effective July 2, 2025, establishing a comprehensive cybersecurity framework for nonbank financial institutions licensed by the state’s Department of Business Regulation (DBR). Although SB603 is closely modeled after the New York Department of Financial Services’ (NYDFS) Cybersecurity Regulation, 23 NYCRR Part 500 (Part 500), SB603 introduces several […]

CISA and FBI Joint Update on Scattered Spider: Evolving Threats and Mitigation Guidance

August 11, 2025 By Kim Peretti and Alysa Austin

The Cybersecurity & Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and international partners issued an updated advisory on July 29, 2025, highlighting the evolving tactics, techniques, and procedures (TPPs) of the cybercriminal group Scattered Spider. First identified in 2023, this group is notorious for targeting large enterprises and their contracted IT help desks, […]

New York Department of Health Issues Urgent Cybersecurity Warning Following U.S. Strikes on Iranian Nuclear Facilities

July 14, 2025 By Kim Peretti, Kate Hanniford, Angela Burnette, Jennifer Pike and Andrew Rice

The New York State Department of Health has issued an urgent cybersecurity advisory (the Advisory) warning of increased threat levels and a higher likelihood of cybersecurity attacks from Iranian state-backed actors following U.S. military strikes on the Fordow, Natanz, and Isfahan nuclear facilities in Iran. The Advisory warns that “intelligence sources indicate a high likelihood […]

UK Data Protection Regulator Fines 23andMe ~$3.1 Million Following Credential Stuffing Attack

July 2, 2025 By Hanna Hewitt and Kelly Hagedorn

On June 5, 2025, the UK’s Information Commissioner’s Office (ICO) fined 23andMe £2.31 million (~$3.1 million). The fine was for failing to implement adequate security measures to protect the personal data of over 155,000 UK users. The penalty followed a joint investigation with the Office of the Privacy Commissioner of Canada, highlighting how regulators are […]

UK Government Publishes Cyber Governance Code of Practice for Boards and Directors

April 10, 2025 By Hanna Hewitt and Kelly Hagedorn

On April 8, 2025, the UK government published the Cyber Code of Practice (the “Code”) to support board directors in governing cybersecurity risks. The Code is available online. The UK’s data protection regulator is actively investigating and, in some instances, fining companies for personal data breaches caused by cybersecurity issues. It is therefore more important […]