.png?width=200&height=78&name=CH%20Diligence%20(thicker%20line).png "CH Diligence (thicker line).png")
The Target: Patelco is an American not-for-profit credit union that provides financial services, including checking and savings accounts, loans, credit cards, insurance plans, and investments, with assets exceeding $9 billion.
The Take: The information that was exposed to cybercriminals varies per individual and may include: full name, Social Security Number (SSN), driver’s license number, date of birth, email address.
The Vector: Last month, the company disclosed it suffered a ransomware attack on June 29, 2024, that forced it to shut down customer-facing banking systems to contain the damage and protect people's data.
As phishing actors continue to explore every potential abuse opportunity on legitimate service providers, novel security gaps constantly threaten to expose users to severe risks. It is essential not to rely solely on email protection solutions, and also scrutinize every email that lands on your inbox, look for inconsistencies, and double-check all claims made in those messages.
MSN/Reuters: Cybercrime and other acts of sabotage have cost German companies around 267 billion euros ($298 billion) in the past year, up 29% on the year before, according to a survey published.
BNN Bloomberg: Rising cases of online thefts and frauds will push Indian banks that are already lagging behind their global peers in cybersecurity spending to step up, according to Neetu Chitkara, managing director and partner at Boston Consulting Group.
MSN/Reuters: A Chinese hacking group exploited a software bug to compromise several internet companies in the U.S. and abroad, a cybersecurity firm said.
Private Equity Wire: North Carolina-based private equity firm Falfurrias Management Partners has made a growth investment in cybersecurity company MOXFIVE.
PR Newswire: The rapid evolution of cyber threats, driven by increasingly sophisticated tactics and automation, has exposed the vulnerabilities of traditional security solutions.
Yahoo Finance: Cybersecurity stocks are in focus this week, with SentinelOne (S) and CrowdStrike (CRWD) earnings giving investors a fresh read on the sector. TD Cowen senior analyst Shaul Eyal joins Market Domination to discuss the state of the cybersecurity industry and some of its key players.
The Target: Toyota Motor Corporation is a Japanese multinational automotive manufacturer headquartered in Toyota City, Aichi, Japan.
The Take: The threat actor says they breached a U.S. branch and were able to steal 240GB of files with information on Toyota employees and customers, as well as contracts and financial information.
The Vector: BleepingComputer found that the files had been stolen or at least created on December 25, 2022. This date could indicate that the threat actor gained access to a backup server where the data was stored.
This breach highlights the extreme importance of timely software updates for known software vulnerabilities, not only in systems directly under a firm’s control, but in third-party systems the firm relies upon as well. The longer a firm, or its vendors, hold out on deploying the most up-to-date software for their systems, the greater the chance an attacker will exploit the issue.
MSN: Markets watchdog Sebi issued a new cyber security framework wherein all regulated entities are required to have appropriate security monitoring mechanisms, and the fresh norms will be implemented in a graded manner starting from January 2025.
CSO Online: Generative AI enabled threats, such as highly convincing phishing emails and morphed digital identities, which accurately mimic human communication, are evolving in real time, surpassing existing security measures and posing challenges to legacy defenses.
U.S. Securities and Exchange Commission (SEC): The Securities and Exchange Commission announced settled charges against New York-based registered transfer agent Equiniti Trust Company LLC, formerly known as American Stock Transfer & Trust Company LLC, for failing to assure that client securities and funds were protected against theft or misuse.
SecurityWeek: Chainalysis found that while illegal on-chain activity has dropped by nearly 20% year-to-date, ransomware payments have increased by 2%, from $449.1 million in the first half of 2023 to $459.8 million in the first half of 2024.
CFO Dive: AT&T, Ticketmaster owner Live Nation Entertainment and UnitedHealth Group are among companies that have reported massive data breaches since January.
Bleeping Computer: American chipmaker Microchip Technology Incorporated has disclosed that a cyberattack impacted its systems over the weekend, disrupting operations across multiple manufacturing facilities.
The Guardian: More than 7,300 websites have been taken down in the first year of operation of the Australian Securities and Investment Commission’s service targeting investment scams, the regulator has revealed.
The Target: Advanced Computer Software Group, a provider of IT and software services to the U.K.’s National Health Service (NHS) and other healthcare organizations.
The Take: The data breach affected 82,946 people, with sensitive information being exfiltrated, including medical records, phone numbers, and access details to the homes of 890 individuals receiving care at home.
The Vector: The incident, which occurred in August 2022, involved a ransomware attack that accessed systems via an account lacking multi-factor authentication.
This breach is a stark reminder of how strong authentication controls are in an overall robust cybersecurity posture, and that good password hygiene plays a pivotal role in protection.
The Guardian: Cybersecurity firm Wiz, which last month rejected a $23bn (£18bn) takeover bid from Google’s parent company, Alphabet, is to open a European headquarters in London – a move that is a major shot in the arm for the UK’s aspiration to be a global tech hub.
CBS News: A new lawsuit is claiming hackers have gained access to the personal information of "billions of individuals," including their Social Security numbers, current and past addresses and the names of siblings and parents — personal data that could allow fraudsters to infiltrate financial accounts or take out loans in their names.
Cybersecurity Dive: Global M&A deal volume increased 36% in the first quarter of the year, according to an Ernst & Young analysis. While such growth can be seen as a sign of positive economic development, it can also create new entry points for cyber threat actors, Resilience said in its report.
TechCrunch: Mark up another unicorn and large funding round for the cybersecurity industry: Kiteworks, which builds tools to secure email communications, file sharing and situations where people work with sensitive data, has raised $456 million from Insight Partners and Sixth Street Growth. The investment values the company at over $1 billion.
CSO Online: Generative AI, which has the unique ability to create original content and actions, had its conceptual origins in 1906 when Russian mathematician Andrei Andreevich Markov created a stochastic model of probabilities known as the Markov chain.
Yahoo Finance: The owners of eSentire are exploring options including a potential sale that could value the cybersecurity company at about $1 billion, including debt, according to people familiar with the matter.
Dark Reading: A combination of factors caused the CrowdStrike Falcon endpoint detection and prevention (EDR) sensor to crash, resulting in the global outage affecting 8.5 million Windows systems in July, the company said in a root-cause analysis of the incident.
The Target: HealthEquity, a Utah-based health savings account (HSA) provider.
The Take: The stolen information included a mix of benefits sign-up information that varied by customer. That mix could include name, address, phone number, employee ID, employer, Social Security number, and dependent information.
The Vector: The company said in a notice that a hacker managed to breach an "an unstructured data repository outside our core systems" containing customer data, making off with various kinds of personally identifiable information.
This breach highlights the extreme importance of timely software updates for known software vulnerabilities, not only in systems directly under a firm’s control, but in third-party systems the firm relies upon as well. The longer a firm, or its vendors, hold out on deploying the most up-to-date software for their systems, the greater the chance an attacker will exploit the issue.
MSN: A ransomware attack on a technology service provider has forced payment systems across nearly 300 small Indian local banks to shut down temporarily, two sources directly aware of the matter said.
Yahoo Finance: American cybersecurity company Tenable Holdings is exploring various strategic options, including a potential sale, following expressions of interest from potential buyers, reports Bloomberg.
BNN Bloomberg: Canadian organizations embroiled in data breaches wind up paying an average $6.32 million to resolve the incidents, a new study from IBM says.
Dark Reading: On July 19, the world experienced one of the largest IT outages in history, affecting millions of users globally, and systems and people will be reeling from its impact for weeks.
Forbes: The highly anticipated U.S. Security and Exchange Commission rules on cybersecurity risk management, strategy, governance and incident disclosure went into effect in December.
CNBC: When you get an email or see a headline telling you there has been a data breach at a company you do business with, the natural instinct may be to roll your eyes and go about your day.
Finextra: The European Central Bank says there is "room for improvement" after conducting its first thematic stress test on cyber resilience to determine how well individual banks would respond to and recover from, a cyber attack.
Castle Hall helps investors build comprehensive due diligence programs across hedge fund, private equity and long only portfolios More →
Montreal
1080 Côte du Beaver Hall, Suite 904
Montreal, QC
Canada, H2Z 1S8
+1-450-465-8880
Halifax
84 Chain Lake Drive, Suite 501
Halifax, NS
Canada, B3S 1A2
+1-902-429-8880
Manila
Ground Floor, Three E-com Center
Mall of Asia Complex
Pasay City, Metro Manila
Philippines 1300
Sydney
Level 36 Governor Phillip Tower
1 Farrer Place Sydney 2000
Australia
+61 (2) 8823 3370
Abu Dhabi
Floor No.15 Al Sarab Tower,
Adgm Square,
Al Maryah Island, Abu Dhabi, UAE
Tel: +971 (2) 694 8510
Copyright © 2021 Entreprise Castle Hall Alternatives, Inc. All Rights Reserved.
Terms of Service and Privacy Policy