We are seeing an increase in sophisticated social engineering attacks in which threat actors impersonate financial institutions and use accurate banking information to trick employees into disclosing credentials or...more
10/27/2025
/ Bank Accounts ,
Business E-Mail Compromise (BEC) ,
Employee Training ,
Financial Institutions ,
Fraud ,
Fraudulent Transfers ,
Internal Controls ,
Phishing Scams ,
Risk Management ,
Social Engineering ,
Verification Requirements
On Oct. 8, California Governor Gavin Newsom, signed the California Opt Me Out Act (“AB566”) into law. AB566 amends the California Consume Privacy Act (“CCPA”) by requiring companies that develop or maintain internet browsers...more
10/14/2025
/ California ,
California Consumer Privacy Act (CCPA) ,
California Privacy Protection Agency (CPPA) ,
Consumer Privacy Rights ,
Corporate Counsel ,
Data Privacy ,
New Legislation ,
Opt-Outs ,
Privacy Laws ,
State Privacy Laws ,
Web Browsers
This month is the 22nd annual Cybersecurity Awareness Month, cosponsored by the Cybersecurity and Infrastructure Agency (CISA) and the National Cybersecurity Alliance. CISA’s theme this year is “Building a Cyber Strong...more
The Pentagon has published the new rule to the Federal Register titled “Assessing Contractors’ Implementation of Cybersecurity Requirements.” ...more
9/16/2025
/ Controlled Unclassified Information (CUI) ,
Cybersecurity ,
Cybersecurity Maturity Model Certification (CMMC) ,
Defense Contracts ,
Department of Defense (DOD) ,
DFARS ,
False Claims Act (FCA) ,
Federal Contractors ,
Regulatory Requirements ,
Reporting Requirements ,
Supply Chain
On June 6, a new Executive Order (EO) on cybersecurity altered the compliance landscape for federal contractors. The order pauses the imminent requirement for software vendors to formally attest compliance with the Secure...more
Government contractors should be on high alert following the recent announcement that Raytheon Company, its parent RTX Corporation, and Nightwing Group, LLC, have agreed to pay $8.4 million to resolve allegations of violating...more
7/16/2025
/ Compliance ,
Corporate Counsel ,
Cybersecurity ,
Data Security ,
Department of Defense (DOD) ,
Department of Justice (DOJ) ,
Enforcement Actions ,
False Claims Act (FCA) ,
Federal Contractors ,
Fraud ,
Regulatory Requirements ,
Risk Management ,
Settlement ,
Whistleblowers
Cybercriminals are obtaining copies of real or fake employee handbooks and distributing them by email, spoofing a legitimate employer email address so that the email and its attachment appear authentic. The email asks the...more
In a landmark privacy enforcement action, the California Privacy Protection Agency (CPPA) has reached a settlement with American Honda Motor Co. (“Honda”) following allegations that the automaker violated the CCPA. The...more
3/18/2025
/ California ,
California Consumer Privacy Act (CCPA) ,
California Privacy Protection Agency (CPPA) ,
Consumer Privacy Rights ,
Data Privacy ,
Data Protection ,
Enforcement Actions ,
Honda ,
Privacy Laws ,
Settlement ,
State Privacy Laws
The California Privacy Protection Agency (“CPPA”) has moved forward with an enforcement action and settlement with two data brokers resulting from its investigative sweep of data broker registration compliance under the...more
On Feb. 20, the Securities and Exchange Commission announced the creation of the Cyber and Emerging Technologies Unit (CETU) stating its focus will be on “combatting cyber-related misconduct and to protect retail investors...more
3/3/2025
/ Blockchain ,
Cryptoassets ,
Cryptocurrency ,
Cybersecurity ,
Emerging Technologies ,
Enforcement Actions ,
Fraud ,
Investors ,
Regulatory Requirements ,
Securities and Exchange Commission (SEC) ,
Securities Fraud ,
Securities Regulation
2024 was another active year in cybersecurity, with high-profile vulnerabilities and data breaches, and government and private sector responses to them. Examples include pervasive ransomware attacks targeting the healthcare,...more
On Oct. 21, the new Federal Acquisition Regulation (“FAR”) rule (the “CUI Rule”) aligning requirements for federal contractors to properly safeguard Controlled Unclassified Information (“CUI”) as outlined in Executive Order...more
This month is the 21st annual Cybersecurity Awareness Month, cosponsored by the Cybersecurity and Infrastructure Agency (CISA) and the National Cybersecurity Alliance. This year’s theme is “Secure Our World,” continuing what...more
Are you prepared for the new SEC Rule on Cybersecurity Incident and Risk Management Disclosures? Don't let your business get caught off guard! This webinar will cover important points about the rule and how to effectively...more
1/19/2024
/ Cyber Attacks ,
Cyber Incident Reporting ,
Cybersecurity ,
Data Breach ,
Disclosure Requirements ,
Incident Response Plans ,
New Rules ,
Popular ,
Publicly-Traded Companies ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
Webinars
2023 was another active year in cybersecurity, with high profile vulnerabilities and data breaches, and government and private sector responses to them. Examples include pervasive ransomware attacks targeting the healthcare,...more
Last month the Federal Acquisition Regulatory (FAR) Council announced a major proposal regarding cybersecurity incident reporting and information. Comments currently are now due by February 2, 2024....more
11/14/2023
/ Compliance ,
Cyber Incident Reporting ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
False Claims Act (FCA) ,
Federal Acquisition Regulations (FAR) ,
Federal Contractors ,
Internet of Things ,
Popular ,
Reporting Requirements ,
Risk Assessment
This month is the 20th annual Cybersecurity Awareness Month, cosponsored by the Cybersecurity and Infrastructure Agency (CISA) and the National Cybersecurity Alliance. This year’s theme is “Secure Our World.” Cybersecurity...more
On Sept. 11, 2023, Governor John Carney of Delaware signed into law the new Delaware Personal Data Privacy Act. Advertised as the “strongest privacy bill in the nation,” the law adds to the growing complex tapestry of state...more
On March 28, Iowa’s six-year-long effort to pass comprehensive consumer data privacy legislation was finally completed, making Iowa the sixth state to pass such a law. Just over two weeks later, Indiana’s legislature passed...more
Clark Hill is proud to invite you to its inaugural, in-person program, where legal, in-house and technical professionals will delve into the latest cyber and privacy topics and trends. Panelists will share insight into...more
The Continued Regulation of Geolocation Data - There is a myriad of geolocation data use-cases in automotive applications that provide direct benefits to and are controlled by consumers. This commentary focuses on the...more
On July 19, the Cybersecurity and Infrastructure Security Agency (CISA) released an Industrial Controls Systems Advisory (ICSA) detailing six vulnerabilities in the commonly used MiCODUS MV720 Global Positioning System (GPS)...more
On May 10, Connecticut joined other states by passing a state consumer data privacy law. This law gives Connecticut consumers more control over what companies can do with personal data collected from Connecticut consumers....more
2021 was a game-changing year in cybersecurity, with high profile vulnerabilities and data breaches, and government and private sector responses to them. Examples include Accellion, SolarWinds, Microsoft Exchange, Kaseya,...more
The FBI has reported that an email system was compromised and used to send out thousands of fraudulent emails about a fake cybercrime investigation to over 100,000 inboxes....more