
Industry News: ESG5

    Know Your Breach: Hertz

    The Target: Car rental giant Hertz

    The Take: The stolen data varies by region, but largely includes Hertz customer names, dates of birth, contact information, driver’s licenses, payment card information, and workers’ compensation claims. Hertz said a smaller number of customers had their Social Security numbers taken in the breach, along with other government-issued identification numbers.

    The Vector: The company attributed the breach to a vendor, software maker Cleo, which last year was at the center of a mass-hacking campaign by a prolific Russia-linked ransomware gang. Hertz is one of dozens of companies that used Cleo’s software at the time of their data thefts. The Clop ransomware gang claimed last year to have exploited a zero-day vulnerability in Cleo’s widely used enterprise file transfer products, which allow companies to share large sets of sensitive data over the internet. By breaching these systems, the hackers stole reams of data from Cleo’s corporate customers.

    This breach is a critical reminder that zero-day exploits do happen, and that patching software in a timely, effective manner is a key component of protecting customer data. Ensuring that third-party vendors deploy patches and fixes in accordance with a firm’s cybersecurity policy is an important step in an overall robust security posture.


    CISOs No Closer To Containing Shadow AI’s Skyrocketing Data Risks

    2025-04-17

    CSO Online: Generative AI’s many benefits come with the drawback of data security risks, primarily through shadow AI use and the leakage of sensitive information.


    Bill Extends Cyber Threat Info-Sharing Between Public, Private Sector

    2025-04-16

    Cybersecurity Dive: Two federal lawmakers today introduced a bipartisan bill that preserves key regulation that facilitates the sharing of cyber-threat data between private companies and the federal government.


    CISA Extends Funding to Ensure 'No Lapse in Critical CVE Services'

    2025-04-16

    Bleeping Computer: CISA says the U.S. government has extended MITRE's funding to ensure no continuity issues with the critical Common Vulnerabilities and Exposures (CVE) program.


    Ex-CISA Chief Chris Krebs Leaving SentinelOne Following Trump Pressure

    2025-04-16

    Investing.com: Christopher Krebs, whom President Donald Trump fired as head of the Cybersecurity and Infrastructure Security Agency in 2020, said he is leaving cybersecurity company SentinelOne following pressure from the White House.


    Cybersecurity Funding Ticks Up Despite Slow Deal Flow

    2025-04-15

    Crunchbase: After successive quarters of decline, venture funding to cybersecurity startups nudged up in the first quarter — and could see even more investment after having the largest acquisition of a private, venture-backed company ever.


    C-suite Disconnect on Cybersecurity Threatens Business Value and Resilience, EY Study Finds

    2025-04-14

    PR Newswire: New research from Ernst & Young LLP highlights significant financial risks posed by today's evolving cybersecurity threat landscape, with alarming disconnects across the C-suite on exposure levels, threat sources and more. 


    Report: OCC Hack Prompts Information Sharing Limits From Big Banks

    2025-04-14

    PYMNTS.com: A Bloomberg report says that JPMorgan Chase and Bank of New York Mellon have scaled back electronic information sharing with the Office of the Comptroller of the Currency (OCC) following a significant breach of the regulator’s email system.


    Know Your Breach: Sensata Technologies

    The Target: Sensata Technologies is an industrial technology company that develops, manufactures, and sells a wide range of sensors and sensor-rich solutions, as well as electrical protection components and systems.

    The Take: A preliminary investigation with assistance from external cybersecurity experts confirmed that the hackers have exfiltrated data from the company network.

    The Vector: Data theft is a common tactic used by ransomware actors to extort victims, increase pressure to pay a ransom, and create legal and regulatory complexities. Currently, Sensata is still determining what files were stolen in the attack and will notify impacted individuals and regulatory authorities as needed, based on the results of its investigation.

    This breach is a stark reminder of how important strong authentication controls are in an overall robust cybersecurity posture, and that good password hygiene plays a pivotal role in protection.


    Treasury Department Bank Regulator Discloses Major Hack

    2025-04-09

    Cybersecurity Dive: Attackers gained access to emails containing sensitive government data related to financial institutions in a cyberattack on the Department of the Treasury’s Office of the Comptroller of the Currency (OCC), in what the agency characterized as a “major incident.”


    About Castle Hall Diligence

    Castle Hall helps investors build comprehensive due diligence programs across hedge fund, private equity and long only portfolios.
