On November 25, 2025, the Federal Bureau of Investigation (FBI) published a Public Service Announcement warning that cyber criminals are “impersonating financial institutions to steal money or information in Account Takeover (ATO) fraud schemes.” These schemes target individuals and businesses of all sizes across all sectors. According to the announcement, “Since January 2025, the FBI
Cyber Insurer Offers Product for Deepfakes
Deepfakes continue to be problematic for organizations and individuals. They are hard to detect and hard to respond to when used in an attack against a company.
To respond to this ongoing, and increasingly prevalent, problem, cyber insurer Coalition announced this week that it will expand coverage for “certain incidents where AI and deepfakes lead…
Massachusetts High Court Weighs Instagram Lawsuit: Is Meta Getting Kids Hooked — And Is That Illegal?
Last week, Massachusetts’ Supreme Judicial Court delved into a case with potentially national implications: should Meta platforms face a lawsuit alleging that Instagram’s design illegally hooks kids with addictive features?
The justices appeared divided as they questioned whether Meta’s practices are protected by Section 230 of the Communications Decency Act, the law that shields online…
Texas Puts Registration on Hold for Consent-Based Marketing
By Roma Patel
On November 6, 2025, Texas reached a settlement regarding Senate Bill 140 (SB 140), which set forth amendments to the “state’s mini-TCPA” (Chapters 301-305 of the state’s Business and Commerce Code). In a joint motion to dismiss, the state clarified that businesses who only send marketing texts to users who have opted in need not…
Why Your Company Must Review Its Website Privacy Policy and Online Disclosures Annually
Is your website’s privacy policy up-to-date? For businesses covered by the California Consumer Privacy Act (CCPA) and the expanded 2026 regulations, annual reviews and updates are required—not optional. Here’s why you should make an annual privacy checkup part of your compliance routine:
- It’s the Law: The CCPA regulations mandate that you review, and update, if necessary, your
…
CCPA 2026: What Companies Need to Know About California’s Revised Consumer Privacy Rule
The California Consumer Privacy Act (CCPA), as amended and effective January 1, 2026, brings the most detailed and sweeping changes since the law’s introduction. If you do business in California or handle Californians’ personal information, here’s what your company must know, and do, to avoid compliance risks.
Expanded Privacy Policy and Disclosure Requirements
The updated…
Privacy Tip #471 – SMS Phishing on the Rise Before the Holidays
The holidays are always a busy time—sending holiday cards, cooking, present shopping and giving, and spending time with family and friends. It’s also an opportune and busy time for scammers too.
A new report by KrebsonSecurity reminds us that fraudsters use the holidays to launch new campaigns, in this case, SMS phishing scams. According to…
Court Knocks the Wind out of Trump Administration’s Offshore Ban
By Peter Knight
On December 8, 2025, a Massachusetts federal court ruled that the Trump administration’s ban on permit application review for offshore and onshore wind projects was illegal. While the ruling will not necessarily result in the issuance of new permits, it lifts the moratorium on review and processing of applications. In May 2025, a coalition of…
Threat Actors Targeting Messaging Applications
On November 24, 2025, the Cybersecurity & Infrastructure Security Agency (CISA) issued an alert titled “Spyware Allows Cyber Threat Actors to Target Users of Messaging Applications,” which outlines how “multiple cyber threat actors” are “leveraging commercial spyware to target users of mobile messaging applications.”
The threat actors “use sophisticated targeting and social engineering techniques to…
FTC Settles With Illuminate for Data Breach of $10M Students’ Data
On December 1, 2025, the Federal Trade Commission (FTC) approved a proposed complaint and order against Illuminate Education, Inc., an education technology provider requiring it to “to implement a data security program and delete unnecessary data to settle allegations that the company’s data security failures led to a major data breach, which allowed hackers to…