shutterstock_490960141-1

Industry News: ESG5

    Know Your Breach: HealthEquity

    The Target: HealthEquity, a Utah-based health savings account (HSA) provider.

    The Take: The stolen information included a mix of benefits sign-up information that varied by customer. That mix could include name, address, phone number, employee ID, employer, Social Security number, and dependent information.

    The Vector: The company said in a notice that a hacker managed to breach an "an unstructured data repository outside our core systems" containing customer data, making off with various kinds of personally identifiable information.

    This breach highlights the extreme importance of timely software updates for known software vulnerabilities, not only in systems directly under a firm’s control, but in third-party systems the firm relies upon as well. The longer a firm, or its vendors, hold out on deploying the most up-to-date software for their systems, the greater the chance an attacker will exploit the issue.

    Read more...

    Ransomware Attack Forces Hundreds of Small Indian Banks Offline, Sources Say

    2024-08-01

    MSN: A ransomware attack on a technology service provider has forced payment systems across nearly 300 small Indian local banks to shut down temporarily, two sources directly aware of the matter said.

    Read more...

    Cybersecurity Company Tenable Reportedly Exploring Potential Sale

    2024-07-31

    Yahoo Finance: American cybersecurity company Tenable Holdings is exploring various strategic options, including a potential sale, following expressions of interest from potential buyers, reports Bloomberg.

    Read more...

    Average Data Breach Costs Canadian Organizations $6.32 Million: IBM Study

    2024-07-30

    BNN Bloomberg: Canadian organizations embroiled in data breaches wind up paying an average $6.32 million to resolve the incidents, a new study from IBM says.

    Read more...

    The CrowdStrike Meltdown: A Wake-up Call for Cybersecurity

    2024-07-30

    Dark Reading: On July 19, the world experienced one of the largest IT outages in history, affecting millions of users globally, and systems and people will be reeling from its impact for weeks. 

    Read more...

    What The SEC's Cybersecurity Disclosure Rules Mean For Companies

    2024-07-30

    Forbes: The highly anticipated U.S. Security and Exchange Commission rules on cybersecurity risk management, strategy, governance and incident disclosure went into effect in December.

    Read more...

    ‘The Worst Thing You Can Do’ After a Data Breach, According to a Cybersecurity Expert

    2024-07-30

    CNBC: When you get an email or see a headline telling you there has been a data breach at a company you do business with, the natural instinct may be to roll your eyes and go about your day.

    Read more...

    ECB Cyber Security Test Reveals 'Room For Improvement'

    2024-07-29

    Finextra: The European Central Bank says there is "room for improvement" after conducting its first thematic stress test on cyber resilience to determine how well individual banks would respond to and recover from, a cyber attack. 

    Read more...

    Know Your Breach: MediSecure

    The Target: MediSecure, an Australian electronic prescription provider.

    The Take: The impacted data included personal information including full names, titles, dates of birth, gender, email addresses, phone numbers, and individual healthcare identifiers (IHI).

    The Vector: An early forensic investigation by the company into the relevant impact of the incident indicated that 6.5TB of data stored on a database server was likely exfiltrated by a malicious third-party actor, although, encrypted servers couldn’t be examined for further details.

    This breach is critical reminder that zero-day exploits do happen, and furthermore that patching software in a timely, effective manner is a key component of ensuring customer data is protected. Ensuring third-party vendors are deploying patches and fixes in accordance with a firm’s cybersecurity policy is an important step in an overall robust security posture.

    Read more...

    CrowdStrike Blames Defect in Content Update for Epic IT Crash

    2024-07-24

    BNN Bloomberg: CrowdStrike Holdings Inc., the cybersecurity company at the center of massive global IT outages, said that a bug in a safety mechanism allowed flawed data to go out to customers in a botched update, causing last week’s meltdown.

    Read more...

    About Castle Hall Diligence

    Castle Hall helps investors build comprehensive due diligence programs across hedge fund, private equity and long only portfolios More →

    Subscribe to Cyber Updates