On November 25, 2025, the Federal Bureau of Investigation (FBI) published a Public Service Announcement warning that cyber criminals are “impersonating financial institutions to steal money or information in Account Takeover (ATO) fraud schemes.” These schemes target individuals and businesses of all sizes across all sectors. According to the announcement, “Since January 2025, the FBI
Cyber Insurer Offers Product for Deepfakes
Deepfakes continue to be problematic for organizations and individuals. They are hard to detect and hard to respond to when used in an attack against a company.
To respond to this ongoing, and increasingly prevalent, problem, cyber insurer Coalition announced this week that it will expand coverage for “certain incidents where AI and deepfakes lead
Privacy Tip #471 – SMS Phishing on the Rise Before the Holidays
The holidays are always a busy time—sending holiday cards, cooking, present shopping and giving, and spending time with family and friends. It’s also an opportune and busy time for scammers too.
A new report by KrebsonSecurity reminds us that fraudsters use the holidays to launch new campaigns, in this case, SMS phishing scams. According to
Threat Actors Targeting Messaging Applications
On November 24, 2025, the Cybersecurity & Infrastructure Security Agency (CISA) issued an alert titled “Spyware Allows Cyber Threat Actors to Target Users of Messaging Applications,” which outlines how “multiple cyber threat actors” are “leveraging commercial spyware to target users of mobile messaging applications.”
The threat actors “use sophisticated targeting and social engineering techniques to
FTC Settles With Illuminate for Data Breach of $10M Students’ Data
On December 1, 2025, the Federal Trade Commission (FTC) approved a proposed complaint and order against Illuminate Education, Inc., an education technology provider requiring it to “to implement a data security program and delete unnecessary data to settle allegations that the company’s data security failures led to a major data breach, which allowed hackers to
Privacy Tip #470 – Consumer Group Warns that AI Chatbots in Toys Contain Sexually Explicit Messages
In its 40th anniversary report, Trouble in Toyland 2025, the Public Interest Research Group (PIRG) warns that “[T]oys with artificial intelligence bots or toxics present hidden dangers. Tests show A.I. toys can have disturbing conversations. Other concerns include unsafe or counterfeit toys bought online.”
The report outlines PIRG’s testing of four toys (Curio’s Grok
Compromised Credentials Responsible for 50% of Ransomware Attacks
- August and September showed a sharp increase in ransomware activity, with those months accounting for 26% and 18% of reported ransomware incidents in the last half year, respectively.
- Akira, Qilin, and INC Ransomware represented 65%
DOJ Subpoena for Patient Records from Children’s Hospital of Philadelphia Blocked by Federal Court
On November 21, 2025, in a lengthy decision, U.S. District Judge for the Eastern District of Pennsylvania Mark A. Kearney quashed a subpoena issued by the U.S. Department of Justice (DOJ) to Children’s Hospital of Pennsylvania’s Gender and Sexuality Development Program (CHOP) seeking documents:
(1) identifying the names, addresses, and social security numbers of
North Carolina + Utah Governors Launch Bipartisan AI Task Force
- Identifying emerging AI issues with the help of law enforcement, experts, and stakeholders to better equip attorneys general to protect the public;
- Developing
Privacy Tip #469 – Parents: Do You Know How Your Children + Their Schools are Using AI?
I recently had the honor to be the guest speaker on Roger Williams University School of Law’s Law 401 podcast where we had a lively discussion about “Keeping Up with AI: Are Student Protections Falling Behind?”
We dug into how schools are promoting students’ use of AI tools yet not necessarily educating students