The Target: HealthEquity, a Utah-based health savings account (HSA) provider.
The Take: The stolen information included a mix of benefits sign-up information that varied by customer. That mix could include name, address, phone number, employee ID, employer, Social Security number, and dependent information.
The Vector: The company said in a notice that a hacker managed to breach an "an unstructured data repository outside our core systems" containing customer data, making off with various kinds of personally identifiable information.
This breach highlights the extreme importance of timely software updates for known software vulnerabilities, not only in systems directly under a firm’s control, but in third-party systems the firm relies upon as well. The longer a firm, or its vendors, hold out on deploying the most up-to-date software for their systems, the greater the chance an attacker will exploit the issue.
MSN: A ransomware attack on a technology service provider has forced payment systems across nearly 300 small Indian local banks to shut down temporarily, two sources directly aware of the matter said.
Yahoo Finance: American cybersecurity company Tenable Holdings is exploring various strategic options, including a potential sale, following expressions of interest from potential buyers, reports Bloomberg.
BNN Bloomberg: Canadian organizations embroiled in data breaches wind up paying an average $6.32 million to resolve the incidents, a new study from IBM says.
Dark Reading: On July 19, the world experienced one of the largest IT outages in history, affecting millions of users globally, and systems and people will be reeling from its impact for weeks.
Forbes: The highly anticipated U.S. Security and Exchange Commission rules on cybersecurity risk management, strategy, governance and incident disclosure went into effect in December.
CNBC: When you get an email or see a headline telling you there has been a data breach at a company you do business with, the natural instinct may be to roll your eyes and go about your day.
Finextra: The European Central Bank says there is "room for improvement" after conducting its first thematic stress test on cyber resilience to determine how well individual banks would respond to and recover from, a cyber attack.
The Target: MediSecure, an Australian electronic prescription provider.
The Take: The impacted data included personal information including full names, titles, dates of birth, gender, email addresses, phone numbers, and individual healthcare identifiers (IHI).
The Vector: An early forensic investigation by the company into the relevant impact of the incident indicated that 6.5TB of data stored on a database server was likely exfiltrated by a malicious third-party actor, although, encrypted servers couldn’t be examined for further details.
This breach is critical reminder that zero-day exploits do happen, and furthermore that patching software in a timely, effective manner is a key component of ensuring customer data is protected. Ensuring third-party vendors are deploying patches and fixes in accordance with a firm’s cybersecurity policy is an important step in an overall robust security posture.
BNN Bloomberg: CrowdStrike Holdings Inc., the cybersecurity company at the center of massive global IT outages, said that a bug in a safety mechanism allowed flawed data to go out to customers in a botched update, causing last week’s meltdown.
Castle Hall helps investors build comprehensive due diligence programs across hedge fund, private equity and long only portfolios More →
Montreal
1080 Côte du Beaver Hall, Suite 904
Montreal, QC
Canada, H2Z 1S8
+1-450-465-8880
Halifax
168 Hobsons Lake Drive Suite 301
Beechville, NS
Canada, B3S 0G4
Tel: +1 902 429 8880
Manila
10th Floor, Two Ecom Center
Mall of Asia Complex
Harbor Dr, Pasay, 1300 Metro Manila
Philippines
Sydney
Level 15 Grosvenor Place
225 George Street, Sydney NSW 2000
Australia
Tel: +61 (2) 8823 3370
Abu Dhabi
Floor No. 15 Al Sarab Tower,
Adgm Square,
Al Maryah Island, Abu Dhabi, UAE
Tel: +971 (2) 694 8510
Prague
2nd Floor, The Park
V Parku 8
Chodov, Praha, 148 00
Czech Republic
Copyright © 2021 Entreprise Castle Hall Alternatives, Inc. All Rights Reserved.
Terms of Service and Privacy Policy