Kim Peretti

About Kim Peretti

A former DOJ cybercrime prosecutor and former director of PwC's cyber forensics group, Kim delivers top of the line cyber risk management and information security counsel to her clients. As co-leader of our Privacy, Cyber & Data Strategy Team, Kim is recognized by select publications and is frequently quoted by the media.

[Read Bio]

OFAC Announces Sanctions Against Chinese-Based Cybersecurity Company

January 13, 2025 By Kim Peretti and Carson Kuck

On January 3, 2025, the Department of the Treasury’s Office of Foreign Assets Control (“OFAC”) announced sanctions on a Chinese-based cybersecurity company, Integrity Technology Group, Inc. (“Integrity Tech”). These sanctions were in response to Integrity Tech’s “role in multiple computer intrusion incidents against U.S. victims.” The incidents have been attributed to Flax Typhoon, a Chinese […]

New York Amends Data Breach Notification Law with Immediate Implications

January 6, 2025 By Kim Peretti and Alysa Austin

In late December 2024, the New York Governor signed two bills (S2659B and S2376B) amending the state’s data breach notification law (N.Y. Gen. Bus. Law § 899-aa), to expand the definition of reportable personal information and impose new covered entity reporting obligations in the event of a data breach. Effective immediately, companies will have 30 […]

Department of Homeland Security Releases Recommended Framework for AI in Critical Infrastructure

November 20, 2024 By Kim Peretti and Kristen Bartolotta

On November 14, 2024, the Department of Homeland Security (“DHS”) announced a set of voluntary recommendations called the “Roles and Responsibilities Framework for Artificial Intelligence in Critical Infrastructure” (“Framework”). Recognizing the severe consequences associated with disruption to the nation’s critical infrastructure, DHS released the framework to address certain risks associated with the use of AI […]

CISA, FBI, NSA, and International Partners Issue Joint Cybersecurity Advisory for Top Routinely Exploited Vulnerabilities in 2023

November 15, 2024 By Seol Namgoong and Kim Peretti

On November 12, 2024, the Cybersecurity and Infrastructure Security Agency (“CISA”), the Federal Bureau of Investigation (“FBI”), National Security Agency (“NSA”) and certain international partners (including the Australian Signals Directorate’s Australian Cyber Security Centre, Canadian Centre for Cyber Security, New Zealand National Cyber Security Centre and New Zealand Computer Emergency Response Team, and the United […]

Congressional Research Service Report Sheds Light on October Telecommunications Attack by PRC-Linked Threat Actor

November 7, 2024 By Kim Peretti, Kellen Dwyer and Andrew Rice

In early October 2025, several media outlets reported that United States telecommunications services had been infiltrated by state affiliated threat actors linked to the People’s Republic of China (“PRC”). These reports were followed by a joint press release on October 25, 2024 by the Federal Bureau of Investigation (“FBI”) and the Cybersecurity and Infrastructure Security […]