.png?width=200&height=78&name=CH%20Diligence%20(thicker%20line).png "CH Diligence (thicker line).png")
The Target: StreamElements is a popular cloud-based streaming tools platform used primarily by content creators on Twitch and YouTube. It provides a suite for stream overlays, tips/donations, chatbots, activity feeds, merch store integration, stream analytics, loyalty/reward systems, and more.
The Take: A threat actor using the nickname "victim" claimed to have stolen the data of 210,000 StreamElements customers on March 20, 2025. The threat actor also shared samples of the stolen data, which included full names, addresses, phone numbers, and email addresses.
The Vector: The same hacker claimed that they breached a StreamElements employee via an information-stealing malware infection, which allowed them to take over an internal account and access the platform's order management system.
This breach highlights the extreme importance of timely software updates for known software vulnerabilities, not only in systems directly under a firm’s control, but in third-party systems the firm relies upon as well. The longer a firm, or its vendors, hold out on deploying the most up-to-date software for their systems, the greater the chance an attacker will exploit the issue.
SecurityWeek: The company has raised $21 million in initial funding from Lightspeed Ventures and Bain Capital Ventures. Straiker’s platform aims to address the risks associated with the increasing use of AI chatbots and AI agents.
GlobeNewswire: Despite the volume of U.S. data breaches declining in 2024 from highs reached a year prior, data breach severity reached levels never seen since TransUnion’s measurement began in 2020.
SecurityWeek: The investment round was led by Forgepoint Capital, with additional support from Ballistic Ventures, Capital One Ventures, Cisco Investments, Evolution Equity, K2 Access Fund, and In-Q-Tel (IQT).
Crunchbase: Dallas-based enterprise browser developer Island raised a $250 million Series E at a $4.8 billion valuation. The new round was led by Coatue Management, with several existing investors participating in the round, per the company.
GlobeNewswire: The Cybersecurity Mesh Market is expanding as enterprises combat increasingly sophisticated cyber threats in a complex IT landscape.
PYMNTS.com: Historically, banks built security the same way they built vaults: thick walls, high fences and minimal exposure. But digital transformation has upended that perimeter.
Financial Newswire: The Association of Superannuation Funds of Australia (ASFA) has responded to the ASIC proposals by arguing that the relief period of 30 days is not enough and should be extended to 60 days.
The Target: Western Alliance is a wholly owned subsidiary of Western Alliance Bancorporation, a leading U.S. banking company with over $80 billion in assets.
The Take: An analysis of the stolen files concluded on February 21, 2025, and found they contained customer personal information, including names and Social Security numbers, as well as their dates of birth, financial account numbers, driver's license numbers, tax identification numbers, and/or passport information if it was provided to Western Alliance.
The Vector: The bank first revealed in a February SEC filing that the attackers exploited a zero-day vulnerability in the third-party software (disclosed by the vendor on October 27, 2024) to hack a limited number of Western Alliance systems and exfiltrate files stored on the compromised devices.
This breach is critical reminder that zero-day exploits do happen, and furthermore that patching software in a timely, effective manner is a key component of ensuring customer data is protected. Ensuring third-party vendors are deploying patches and fixes in accordance with a firm’s cybersecurity policy is an important step in an overall robust security posture.
Yahoo News/Reuters: Hong Kong passed a cybersecurity law to regulate operators of critical infrastructure, forcing them to strengthen computer systems and report cybersecurity incidents or risk penalties of up to HK$5 million ($640,000).
Dark Reading: Cybersecurity is at an inflection point. As threats grow in complexity and regulatory scrutiny increases, leadership in the industry is evolving. I know this firsthand: If you had told me years ago that I'd be leading a cybersecurity company, I probably wouldn't have believed you.
Yahoo Finance: Wiz backer Sequoia Capital is poised to deliver a return of about 25 times its invested capital from the cybersecurity startup’s pending sale to Google parent Alphabet Inc., according to a person with knowledge of the matter.
The Guardian: Google’s owner, Alphabet, has agreed to buy the cybersecurity group Wiz for $32bn (£24.7bn), the biggest acquisition it has ever made.The search company’s purchase of the Israeli startup comes as Google attempts to catch its competitors Microsoft and Amazon in the competitive cloud services market.
Business Wire: Resecurity, a U.S.-based cybersecurity company protecting Fortune 500 companies and government agencies globally, has announced a strategic partnership with the Union of Arab Banks (UAB) to enhance cybersecurity capabilities, fraud prevention and threat intelligence sharing across the Arab banking and financial sectors.
GlobeNewswire: Ciso Global Inc., a leader in AI-powered security software, managed cybersecurity, and compliance, announced the product launch of CISO Edge, its next-generation AI-driven cloud security solution, now available to existing customers and channel partners.
Business Wire: Brighton Park Capital (“Brighton Park”), an investment firm focused on entrepreneur-led, growth-stage companies in software and healthcare, announced a growth investment in HITRUST, the leader in information security assurance for risk management and compliance.
The Target: The Japanese information and communication technology provider NTT Communications Corporation (NTT Com).
The Take: The threat actor, the company says, exfiltrated information on 17,891 customer companies, including contract numbers, customer names, contact names, phone numbers, email addresses, physical addresses, and information on service usage.
The Vector: The incident, the telecoms firm says, occurred on February 5, when an unnamed threat actor accessed its internal systems, including those hosting information on services provided to customer companies.
This breach highlights the extreme importance of timely software updates for known software vulnerabilities, not only in systems directly under a firm’s control, but in third-party systems the firm relies upon as well. The longer a firm, or its vendors, hold out on deploying the most up-to-date software for their systems, the greater the chance an attacker will exploit the issue.
MSN: The Australian securities watchdog said it is taking fixed-income broker FIIG to court, alleging it failed to implement adequate cybersecurity measures over a four-year period, enabling a hacker to infiltrate its IT network.
Tech Radar: The cyber sector in the UK has seen significant investment in the last few months, and has grown 12% in the last year, new analysis has claimed. The industry generated £13.2 billion in revenue over the past year, with a total gross value added of £7.8 billion, up 21% from the year before.
Tech Monitor: A report published by Australia-based Monash University has exposed the growing prevalence of ‘cyberwashing,’ a practice where organisations exaggerate their cybersecurity capabilities to create a misleading perception of robust data protection.
PYMNTS.com: Sola Security has raised $30 million for its no-code, artificial intelligence (AI)-powered cybersecurity platform. The seed funding, announced as the company emerged from stealth, will allow Sola to develop its solution, which it says lets businesses build security apps without needing “deep technical expertise” or having to spend too much.
SecurityWeek: National General, which offers home, vehicle, and other insurance coverage, suffered two data breaches in 2020 and 2021, resulting in the driver’s license numbers of more than 165,000 New Yorkers being compromised.
Private Banker International: Cybersecurity has always been a pressing concern in financial services, but it is becoming a priority for investors. In terms of concerns, cybersecurity is always near the top for private banks, wealth managers and their clients. Protecting money, especially at the level of wealth, is crucial.
Bleeping Computer: Switzerland's National Cybersecurity Centre (NCSC) has announced a new reporting obligation for critical infrastructure organizations in the country, requiring them to report cyberattacks to the agency within 24 hours of their discovery.
The Target: DISA Global Solutions, Inc., a third-party employment screening services provider.
The Take: The personal information accessed could have included people’s names, Social Security numbers, driver’s license numbers, other government ID numbers, financial account information and other data elements.
The Vector: The company, which provides drug and alcohol testing and background checks, said it discovered on April 22, 2024, that it was the victim of cyber-attack that gave “an unauthorized third party” access to individuals’ personal information from Feb. 9, 2024, to April 22, 2024, the company said in a notice on its website.
This breach is a stark reminder of how strong authentication controls are in an overall robust cybersecurity posture, and that good password hygiene plays a pivotal role in protection.
PR Newswire: Evolution Equity Partners, a leading venture capital investor, is thrilled to announce that John Cordo has joined the firm. John joins a team of thirty investment professionals and eight general partners focused on investing in best-of-breed cybersecurity and AI companies.
Yahoo News: The mass culling of workers from federal payrolls will have a "devastating" impact on cybersecurity and national security, a top former National Security Agency official said.
Private Banker International: In an era where cyber threats loom large over every industry, asset managers find themselves in an increasingly precarious position. With substantial assets under management (AUM) and access to sensitive client data, these firms are prime targets for cybercriminals.
PR Newswire: A new survey by HostingAdvice reveals 95% of Americans worry about their personal data being exposed in a corporate data breach. The survey also found that more than 61% have received at least one data breach notification in the past two years.
MSN: Jefferies said results of cybersecurity stocks have been better than expected so far, with modestly pressured first quarter and full year 2025 guidance.
EU Startups: Vienna-based Quantum Industries Gmbh (QI), a startup focused on quantum secure communications for critical infrastructure, announced the successful completion of its Seed financing round, raising a total of €9.5 million in fresh capital.
SecurityWeek: Uranium Finance was hacked twice in April 2021, with the total losses amounting to over $53 million, making it one of the largest hacks in decentralized finance (DeFi) at the time.
