This compliance intelligence digest highlights critical compliance alerts, including the Lapsus$ group’s return threatening a Salesforce leak, new US Commerce Department global license requirements, and the rising costs of healthcare cyberattacks. Also covered are ISO 27001 implementation challenges, FTC shutdown plans, and third-party risks related to tariff transactions. Stay informed to protect your organization from emerging threats and regulatory shifts.
Top 5 Critical Compliance Alerts
- Scattered Lapsus$ Hunters Returns With Salesforce Leak Site: The cybercriminal collective reemerged and threatened to publish the stolen data of Salesforce customers by Oct. 10 if its demands are not met.
- New US Commerce Department Global License Requirements for Transactions Involving Affiliates of Listed Entities: BIS released the Affiliates Rule, which draws unnamed entities around the world into BIS’s entity-specific controls to close paths of diversion to blacklisted entities.
- Jaguar Land Rover Shows Cyberattacks Mean (Bad) Business: The company likely failed to completely clean out attackers from a previous breach and now is a case study for the high cost of ransomware.
- PHI Potentially Stolen in Phishing Attack on Superior Vision Service: Protected health information has been compromised in a phishing attack on Superior Vision Service.
- Healthcare Cyberattacks Costing $200K+ Rise 400% in a Year: Almost half of healthcare organizations experienced at least one data breach between March 2024 and March 2025.
Compliance Frameworks
- 5 Reasons ISO 27001 Implementations Fail (and How to Avoid Them): Most ISMS implementation projects fail because of poor planning and execution, requiring leadership, integration, and discipline across the business.
Regulatory Updates
- FTC Releases Shutdown Plan, Will Continue to Accept HSR Filings: The FTC released a shutdown plan outlining operations during the lapse in appropriations; FTC Commissioners are excepted from furlough.
- New SEC No-Action Letter on Crypto Custody: What It Means for Advisers & Funds: A new SEC no-action letter addresses custody of crypto assets for regulated advisers and funds.
- CFTC Proposes Revisions to Business Conduct and Swap Documentation Requirements for Swap Dealers and Major Swap Participants: The CFTC issued a proposal to revise external business conduct standards and swap documentation requirements for Swap Entities, removing unnecessary burdens.
Third-Party Risk & Due Diligence
- Beware the Tariff DDP Trap: Managing Hidden Import Liabilities Before They Bite: Companies using Duty Paid transactions face exposure; the importer remains legally responsible for accurate customs declarations, tariff payments, and regulatory compliance.
