Alston & Bird Privacy, Cyber & Data Strategy Blog

Rhode Island’s New Cybersecurity Law for Nonbank Financial Institutions

August 22, 2025 By Kim Peretti, Alysa Austin, Ashley Miller and Lance Taubin

Rhode Island has enacted Senate Bill 603 (SB603), effective July 2, 2025, establishing a comprehensive cybersecurity framework for nonbank financial institutions licensed by the state’s Department of Business Regulation (DBR). Although SB603 is closely modeled after the New York Department of Financial Services’ (NYDFS) Cybersecurity Regulation, 23 NYCRR Part 500 (Part 500), SB603 introduces several notable deviations that may influence compliance strategies—particularly for institutions … [Read more] about Rhode Island’s New Cybersecurity Law for Nonbank Financial Institutions

DOJ Settles Cyber Qui Tam Action Against Illumina for Allegedly Unsecured Genomic Sequencing Products

August 15, 2025 By Kim Peretti, Andrew Liebler, Lance Taubin, Samantha Skolnick and Andrew Rice

On July 31, 2025, the United States Department of Justice (DOJ) announced a $9.8 million settlement with Illumina, Inc. (Illumina) to resolve alleged False Claims Act (FCA) violations related to cybersecurity vulnerabilities and shortcomings in its … [Read more] about DOJ Settles Cyber Qui Tam Action Against Illumina for Allegedly Unsecured Genomic Sequencing Products

CISA and FBI Joint Update on Scattered Spider: Evolving Threats and Mitigation Guidance

August 11, 2025 By Kim Peretti and Alysa Austin

The Cybersecurity & Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and international partners issued an updated advisory on July 29, 2025, highlighting the evolving tactics, techniques, and procedures (TPPs) of the … [Read more] about CISA and FBI Joint Update on Scattered Spider: Evolving Threats and Mitigation Guidance

Microsoft Announces Two New On-Premises SharePoint Vulnerabilities

July 30, 2025 By Jennifer Everett, Kim Peretti and Carson Kuck

Introduction On July 19, 2025, Microsoft announced two new vulnerabilities that are actively being exploited (CVE-2025-49704 and CVE-2025-49706) and that relate to on-premises Microsoft SharePoint instances that are exposed to the … [Read more] about Microsoft Announces Two New On-Premises SharePoint Vulnerabilities

CPPA Board Votes to Adopt CCPA Regulations; Open DROP Rules to Public Comment

July 25, 2025 By Dorian Simmons

On July 24, 2025, the California Privacy Protection Agency (“CPPA”) Board voted to adopt draft regulations under the California Consumer Privacy Act (“CCPA”) concerning cybersecurity audits, risk assessments, automated decisionmaking technologies, … [Read more] about CPPA Board Votes to Adopt CCPA Regulations; Open DROP Rules to Public Comment