Our first newsletter is here — just in time to celebrate Cybersecurity Awareness Month!
View in browser
FINAL REsource Hubsot Header -1
HubSpot Banners (14)
Hubspot Headers (600 x 100 px) (6)

October 2025

Happy Cybersecurity Awareness Month!

October marks National Cybersecurity Awareness Month (NCSAM)—a nationwide initiative focused on promoting stronger digital safety practices and empowering individuals and organizations to stay secure in an increasingly connected world.

 

As technology continues to evolve, so do the risks associated with data protection, privacy, and artificial intelligence. This month, we’re joining the national conversation by highlighting emerging threats, practical safeguards, and evolving regulatory trends to help you and your business stay one step ahead.

 

Whether you’re managing sensitive data, navigating new compliance requirements, or leveraging AI responsibly, cybersecurity is everyone’s responsibility, and awareness is the first line of defense.

Insights

please generate an orange line art image in pencil style of the texas capital building with the state flag flying with a white background-1

Texas Senate Bill 140: New Telemarketing Liabilities for Franchisors and Businesses Marketing to Texans

By: Jade Davis & Jack Santaniello

Read Here
Untitled design (2)

Chatty Chatbots: Why AI Agents are the Silent Threat to Your Company's IP

By: Nick Carr & Brian Focht

Read Here
create a line art image in a pencil style in orange of a stack of documents with a magnifying glass on top and a white background-1

AI Related M&A Risks: Acquiring Hidden Liabilities from AI Models

By: Lloyd Wilson 

Read Here
please generate a line art image of the us capital building with a storm brewing in the sky in orange and a white background to signify the government shutdown-1

Government Shutdown Creates a "Perfect Storm" for U.S. Cybersecurity

By: Chris Salemme

Read Here
create a line art image with a pencil style in orange of a cybersecurity lock image with some coding in the back and a white background-1

Cybersecurity Tips for Businesses

By: Jade Davis

Read Here

Was this email forwarded to you?

SUBSCRIBE HERE

Legislative & Regulatory

Colorado and Montana changed data privacy thresholds to differentiate between biometrics and kids and to lower consumer numbers before applicability. 

 

California Governor Signs New Data Privacy Bills:

On October 8, 2025, California Gov. Gavin Newsom signed two major privacy-focused bills into law—one requiring all web browsers to include universal opt-out functionality that lets users automatically decline the sale or sharing of personal information across the web, and another mandating that social media platforms treat account deletions as California Consumer Privacy Act requests to remove users’ personal data.

 

DoD CMMC Program

The DoD finalized the CMMC program in 2025, requiring defense contractors to meet tiered cybersecurity standards as a condition for contracts.

Enforcement Actions

FTC agrees to $7.5 million settlement with Chegg over claims, including illegal “Dark Patterns” 

On September 15, 2025, the FTC announced a $7.5 million settlement with educational tech company Chegg for failing to provide reasonable methods for cancelling subscriptions. Among the allegations were that Chegg’s website buried the cancellation options and made it intentionally difficult to complete. 

 

U.S. HHS settles HIPAA claim with Cadia Healthcare

On September 30, 2025, the HHS settled with Cadia Healthcare for  $182,000 for failing to obtain a patient’s consent before posting the patient’s “success story,” including pictures, on their public website.

 

CPPA fines Tractor Supply Co. $1.35 million 

On September 30, 2025, the California Privacy Protection Agency fined Tractor Supply Co. $1.35 million, an annual fee required by the Delete Act.

Notable Data Breaches

City of St. Paul

Ransomware attack crippled the city's digital services, leading to a state of emergency and deployment of the Minnesota National Guard's cyber unit. Sensitive documents, including HR files and financial records, were exposed.

 

Salesforce 

Breach exposing business contact information used for communication with potential advertisers and leading to a surge in fake phishing emails targeting Google and Gmail users. The hacking group launched a website this month to extort victims.

 

Gucci, Balenciaga, and Alexander McQueen

Data breaches on Gucci, Balenciaga, and Alexander McQueen were targeted in a ransomware attack via third-party systems connected to the brands rather than directly breaching their core infrastructure.

 

Oracle

A zero-day vulnerability in Oracle E-Business Suite was exploited by the Cl0p ransomware group in targeted cyberattacks.

Learn more about Shumaker's Technology, Data Privacy,

Cybersecurity & AI Service Line

Contributors:

Contributors:

Jade Davis
HubSpot - Digital Risk Report Images (2)

Jade Davis

Partner

Brian Focht

Senior Counsel

Nick Carr

Partner

45
49
HubSpot - Digital Risk Report Images (3)

Enisha Smith

Associate

Andrew Stevens

Associate

Lloyd Wilson

Associate

Special Contributors:

50
48

Chris Salemme

Shumaker Advisor

Jack Santaniello

Partner

Was this email forwarded to you?

SUBSCRIBE HERE
Hubspot Headers (600 x 100 px) (8)
HubSpot Footer -1
Facebook
LinkedIn
X
Instagram
YouTube
TikTok

Manage Preferences | Unsubscribe | Privacy Statement

Shumaker, 1000 Jackson St, Toledo OH 43604