
Industry News: ESG5

    Know Your Breach: GrubHub

    The Target: Food delivery company GrubHub.

    The Take: GrubHub said that, depending on the affected individual, the attackers gained access to names, email addresses, and phone numbers, as well as partial payment card information (including card type and last four digits of the card number) for some campus diners.

    The Vector: The investigation found that the intrusion originated with an account belonging to a third-party service provider that provided support services to Grubhub.

    This breach is a stark reminder of how important strong authentication controls are in an overall robust cybersecurity posture, and that good password hygiene plays a pivotal role in protection.


    21% of CISOs Pressured to Not Report Compliance Issues

    2025-02-06

    CSO Online: CISOs are increasingly getting caught between business pressures and regulatory obligations, leaving them struggling to balance corporate loyalty and legal accountability.


    DeepSeek Surge Hits Companies, Posing Security Risks

    2025-02-05

    Cybersecurity Dive: Employees attempting to use a company device to access Chinese tech startup DeepSeek’s wildly popular artificial intelligence app could inadvertently be exposing their organization to threats such as cyberespionage, experts warned.


    Why Cybersecurity Needs Probability — Not Predictions

    2025-02-05

    Dark Reading: Many cybersecurity leaders kick off each new year with predictions for the year to come. You may have seen a deluge of them over the last month or so: "Cyberattacks will continue to be a problem." "This certain country will ban ransom payments." 


    Cybersecurity is Top Priority for Investors as Digital Threats Escalate, Says Gen II

    2025-02-05

    Private Equity Wire: The report indicates that 27% of investors now prioritise cybersecurity in operational due diligence conversations, reflecting heightened awareness of digital threats in the private capital industry.


    Ransomware Payments Fell 35% in 2024

    2025-02-05

    Cybersecurity Dive: Cryptocurrency ransomware payments fell from a record $1.25 billion in 2023 to nearly $814 million in 2024, a report released by Chainalysis showed.


    Thoma Bravo's SailPoint Eyes up to $11.5 Billion Valuation in US IPO

    2025-02-05

    MSN/Reuters: SailPoint said it was targeting a valuation of up to $11.5 billion in its New York flotation, as the cybersecurity firm looks to go public again in the United States after more than two years.


    How To Address The Complexity Of Network Security

    2025-02-04

    Forbes: It stands to reason that as organizations grow, their footprint becomes more distributed. While this enables them to remain closer to their customers and other stakeholders, it also means their network environments become more complex.


    Know Your Breach: PayPal

    The Target: Digital payments giant PayPal.

    The Take: Hackers had access to names, addresses, Social Security numbers, individual tax identification numbers and dates of birth.

    The Vector: The threat actors behind the PayPal breach used a tactic called credential stuffing, where attackers use stolen username/password combinations from one data breach to attempt to log into other websites and services.

    This breach is a critical reminder that zero-day exploits do happen, and furthermore that patching software in a timely, effective manner is a key component of ensuring customer data is protected. Ensuring third-party vendors are deploying patches and fixes in accordance with a firm’s cybersecurity policy is an important step in an overall robust security posture.


    Finra Reports Rising Risks From AI, Cybersecurity, Investment Fraud

    2025-01-30

    Investment News: The constantly evolving landscape of third-party risks seen by Finra staff has been highlighted in its 2025 Regulatory Oversight Report.


    About Castle Hall Diligence

    Castle Hall helps investors build comprehensive due diligence programs across hedge fund, private equity and long only portfolios.
