Industry News: ESG5

    Know Your Breach: StreamElements

    The Target: StreamElements is a popular cloud-based streaming tools platform used primarily by content creators on Twitch and YouTube. It provides a suite for stream overlays, tips/donations, chatbots, activity feeds, merch store integration, stream analytics, loyalty/reward systems, and more.

    The Take: A threat actor using the nickname "victim" claimed to have stolen the data of 210,000 StreamElements customers on March 20, 2025. The threat actor also shared samples of the stolen data, which included full names, addresses, phone numbers, and email addresses.

    The Vector: The same hacker claimed that they breached a StreamElements employee via an information-stealing malware infection, which allowed them to take over an internal account and access the platform's order management system.

    This breach highlights the extreme importance of timely software updates for known software vulnerabilities, not only in systems directly under a firm’s control, but in third-party systems the firm relies upon as well. The longer a firm, or its vendors, hold out on deploying the most up-to-date software for their systems, the greater the chance an attacker will exploit the issue.

    Know Your Breach: Western Alliance Bank

    The Target: Western Alliance is a wholly owned subsidiary of Western Alliance Bancorporation, a leading U.S. banking company with over $80 billion in assets.

    The Take: An analysis of the stolen files concluded on February 21, 2025, and found they contained customer personal information, including names and Social Security numbers, as well as their dates of birth, financial account numbers, driver's license numbers, tax identification numbers, and/or passport information if it was provided to Western Alliance.

    The Vector: The bank first revealed in a February SEC filing that the attackers exploited a zero-day vulnerability in third-party software (disclosed by the vendor on October 27, 2024) to hack a limited number of Western Alliance systems and exfiltrate files stored on the compromised devices.

    This breach is a critical reminder that zero-day exploits do happen, and furthermore that patching software in a timely, effective manner is a key component of ensuring customer data is protected. Ensuring third-party vendors are deploying patches and fixes in accordance with a firm’s cybersecurity policy is an important step in an overall robust security posture.

    Know Your Breach: NTT Com

    The Target: The Japanese information and communication technology provider NTT Communications Corporation (NTT Com).

    The Take: The threat actor, the company says, exfiltrated information on 17,891 customer companies, including contract numbers, customer names, contact names, phone numbers, email addresses, physical addresses, and information on service usage.

    The Vector: The incident, the telecoms firm says, occurred on February 5, when an unnamed threat actor accessed its internal systems, including those hosting information on services provided to customer companies.

    This breach highlights the extreme importance of timely software updates for known software vulnerabilities, not only in systems directly under a firm’s control, but in third-party systems the firm relies upon as well. The longer a firm, or its vendors, hold out on deploying the most up-to-date software for their systems, the greater the chance an attacker will exploit the issue.

    Know Your Breach: DISA Global Solutions

    The Target: DISA Global Solutions, Inc., a third-party employment screening services provider.

    The Take: The personal information accessed could have included people’s names, Social Security numbers, driver’s license numbers, other government ID numbers, financial account information and other data elements.

    The Vector: The company, which provides drug and alcohol testing and background checks, said in a notice on its website that it discovered on April 22, 2024, that it was the victim of a cyber-attack that gave “an unauthorized third party” access to individuals’ personal information from Feb. 9, 2024, to April 22, 2024.

    This breach is a stark reminder of how important strong authentication controls are in an overall robust cybersecurity posture, and that good password hygiene plays a pivotal role in protection.

    Know Your Breach: Orange Group

    The Target: Orange Group, a leading French telecommunications operator and digital service provider.

    The Take: According to the threat actor, who uses the alias Rey and is a member of the HellCat ransomware group, the stolen data is mostly from the Romanian branch of the company and includes 380,000 unique email addresses, source code, invoices, contracts, customer and employee information.

    The Vector: The threat actor compromised Orange’s systems by exploiting compromised credentials and vulnerabilities in the company’s Jira software (used for bug/issue tracking) and internal portals.

    This breach highlights the extreme importance of timely software updates for known software vulnerabilities, not only in systems directly under a firm’s control, but in third-party systems the firm relies upon as well. The longer a firm, or its vendors, hold out on deploying the most up-to-date software for their systems, the greater the chance an attacker will exploit the issue.

    Know Your Breach: Globe Life

    The Target: Globe Life is an American financial services holding company.

    The Take: The information potentially exposed includes names, email addresses, phone numbers, and postal addresses. In some cases, Social Security numbers, health-related data, and other personal details may also have been involved.

    The Vector: The ongoing review indicated that the breach may have involved information linked to its American Life Insurance Co. subsidiary. In a new SEC filing on Jan. 30, Globe Life reported that customer information compromised in the attack was traced to databases maintained by a limited number of independent agency owners.

    This breach highlights the extreme importance of timely software updates for known software vulnerabilities, not only in systems directly under a firm’s control, but in third-party systems the firm relies upon as well. The longer a firm, or its vendors, hold out on deploying the most up-to-date software for their systems, the greater the chance an attacker will exploit the issue.

    Know Your Breach: HPE

    The Target: Hewlett Packard Enterprise, an American multinational information technology company.

    The Take: A breach notification filing with the state of Massachusetts indicated that Social Security numbers, driver’s license numbers and credit/debit card numbers were compromised in the attack.

    The Vector: HPE was notified on Dec. 12, 2023, that a suspected nation-state threat group had breached its Office 365 email environment. An investigation revealed that starting in May 2023, Midnight Blizzard actors accessed emails and pilfered data from mailboxes “belonging to individuals in our cybersecurity, go-to-market, business segments, and other functions.”

    As phishing actors continue to explore every potential abuse opportunity on legitimate service providers, novel security gaps constantly threaten to expose users to severe risks. It is essential not to rely solely on email protection solutions, but also to scrutinize every email that lands in your inbox, look for inconsistencies, and double-check all claims made in those messages.

    Know Your Breach: GrubHub

    The Target: Food delivery company GrubHub.

    The Take: GrubHub said that, depending on the affected individual, the attackers gained access to names, email addresses, and phone numbers, as well as partial payment card information (including card type and last four digits of the card number) for some campus diners.

    The Vector: The investigation found that the intrusion originated with an account belonging to a third-party service provider that provided support services to Grubhub.

    This breach is a stark reminder of how important strong authentication controls are in an overall robust cybersecurity posture, and that good password hygiene plays a pivotal role in protection.

    Know Your Breach: PayPal

    The Target: Digital payments giant PayPal.

    The Take: Hackers had access to names, addresses, Social Security numbers, individual tax identification numbers and dates of birth.

    The Vector: The threat actors behind the PayPal breach used a tactic called credential stuffing, where attackers use stolen username/password combinations from one data breach to attempt to log into other websites and services.

    This breach is a critical reminder that zero-day exploits do happen, and furthermore that patching software in a timely, effective manner is a key component of ensuring customer data is protected. Ensuring third-party vendors are deploying patches and fixes in accordance with a firm’s cybersecurity policy is an important step in an overall robust security posture.

    Know Your Breach: Otelier

    The Target: Otelier, previously known as MyDigitalOffice, is a cloud-based hotel management solution used by over 10,000 hotels worldwide to manage reservations, transactions, nightly reports, and invoicing.

    The Take: The small samples seen by BleepingComputer include a broad range of data, including hotel guest reservations, transactions, employee emails, and other internal data. Some of the personal information exposed includes hotel guests' names, addresses, phone numbers, and email addresses.

    The Vector: The threat actors behind the Otelier breach told BleepingComputer that they initially hacked the company's Atlassian server using an employee's login. These credentials were stolen through information-stealing malware, which has become the bane of corporate networks over the past few years.

    This breach highlights the extreme importance of timely software updates for known software vulnerabilities, not only in systems directly under a firm’s control, but in third-party systems the firm relies upon as well. The longer a firm, or its vendors, hold out on deploying the most up-to-date software for their systems, the greater the chance an attacker will exploit the issue.
