.png?width=200&height=78&name=CH%20Diligence%20(thicker%20line).png "CH Diligence (thicker line).png")
The Target: Investment management firm Ellington Management Group L.L.C.
The Take: Ellington determined that the following general categories of information may have been involved in the incident but are not relevant to every individual impacted: name, date of birth, Social Security number, medical information, and driver’s license number. In only three instances, non-Ellington financial account information may have been impacted.
The Vector: Ellington’s investigation determined that between July 18, 2023 and August 8, 2023, an unauthorized actor had access to a single Ellington email account for the demonstrated purpose of sending phishing emails. Ellington analyzed the email account and did not find any evidence of any data being downloaded, emails being forwarded, or the account being synced to other systems.
As phishing actors continue to explore every potential abuse opportunity on legitimate service providers, novel security gaps constantly threaten to expose users to severe risks. It is essential not to rely solely on email protection solutions, and also scrutinize every email that lands on your inbox, look for inconsistencies, and double-check all claims made in those messages.
The Target: Hilb Group, a business that handles property, casualty, and employee benefits insurance and advisory services at more than 130 locations across 22 US states.
The Take: People's first and last names and sensitive financial data and credentials. Specifically, Financial Account Number or Credit/Debit Card Number (in combination with security code, access code, password or PIN for the account).
The Vector: Hilb says it discovered "suspicious activity" related to employee email accounts around January 10. After doing some digging, and bringing on a third-party incident response firm, the insurance brokerage determined someone broke into those inboxes between December 1, 2022 and January 12, 2023.
This breach highlights the extreme importance of timely software updates for known software vulnerabilities, not only in systems directly under a firm’s control, but in third-party systems the firm relies upon as well. The longer a firm, or its vendors, hold out on deploying the most up-to-date software for their systems, the greater the chance an attacker will exploit the issue.
The Target: The popular optimization app CCleaner
The Take: The hackers took names, contact information and information about the products that were purchased.
The Vector: The hackers exploited a vulnerability in the widely used MOVEit file transfer tool, which is used by thousands of organizations, including CCleaner, to move large sets of sensitive data over the internet.
This breach is a stark reminder of how authentication controls are in an overall robust cybersecurity posture, and more critically, ensuring these controls are in place on all third-party vendors which have access to a firm’s data.
The Target: Japanese electronics manufacturer Casio.
The Take: The exposed data includes customer names, email addresses, countries of residence, service usage details, and purchase information such as payment methods, license codes, and order specifics.
The Vector: Casio detected the incident on Wednesday, October 11, 2023, following the failure of a ClassPad database within the company's development environment. Evidence suggests that the attacker accessed customers' personal information a day later, on October 12, 2023.
This breach highlights the extreme importance of timely software updates for known software vulnerabilities, not only in systems directly under a firm’s control, but in third-party systems the firm relies upon as well. The longer a firm, or its vendors, hold out on deploying the most up-to-date software for their systems, the greater the chance an attacker will exploit the issue.
The Target: The District of Columbia Board of Elections (DCBOE) operates as an autonomous agency within the District of Columbia Government and is entrusted with overseeing elections, managing ballot access, and handling voter registration processes.
The Take: This dataset includes the individual's name, registration ID, voter ID, partial Social Security number, driver's license number, date of birth, phone number, email, and more.
The Vector: DCBOE’s investigation into the claims has revealed that the attackers accessed the information through the web server of DataNet, the hosting provider for Washington D.C.'s election authority.
This breach is a stark reminder of how authentication controls are in an overall robust cybersecurity posture, and more critically, ensuring these controls are in place on all third-party vendors which have access to a firm’s data.
The Target: DNA testing company 23andMe.
The Take: The information obtained may have included users’ display name, profile photo, profile sex, birth year, location, predicted relationships to their match, the percent DNA match and number of shared genetic segments and portions of their genetic ancestry results, including haplogroups, which provide information about ancestry.
The Vector: The company said its preliminary investigation indicated that an attacker may have compiled login credentials leaked from other platforms and then recycled these credentials to access the accounts of 23andMe customers who had used the same username and password combination.
This breach is a stark reminder of how authentication controls are in an overall robust cybersecurity posture, and that good password hygiene plays a pivotal role in protection.
The Target: Cloud customer relationship management (CRM) software provider Really Simple Systems.
The Take: Personally identifiable information (PII), including medical records, identification documents, real estate contracts, credit reports, legal documents, tax documents, and non-disclosure agreements.
The Vector: Cybersecurity Researcher, Jeremiah Fowler, discovered and promptly notified Really Simple Systems about a non-password-protected database that contained over 3 million records. The documents appeared to be associated with internal invoices, communications, and customer’s stored CRM files.
While some immediate corrective actions were implemented, specific folders remained open for an extended duration before their access was limited. This incident highlights the pressing requirement for strong password encryption measures to protect customer data and thwart unauthorized access to sensitive information.
The Target: Software bug-tracking company Rollbar
The Take: Sensitive customer information, including usernames and email addresses, account names, and project information, such as environment names and service link configuration.
The Vector: The security breach was discovered by Rollbar on September 6 when reviewing data warehouse logs showing that a service account was used to log into the cloud-based bug monitoring platform. Once inside Rollbar's systems, the threat actors searched the company's data for cloud credentials and Bitcoin wallets.
This breach is a stark reminder of how important authentication controls are in an overall robust cybersecurity posture, and more critically, ensuring these controls are in place on all third-party vendors which have access to a firm’s data.
The Target: The European aerospace giant Airbus
The Take: The hacker claimed to have details on thousands of Airbus vendors, including names, addresses, phone numbers and emails.
The Vector: Hackers breached an “IT account associated with an Airbus customer” and the company then investigated the incident. This account was used to download business documents dedicated to this customer from an Airbus web portal, the company said.
This breach is critical reminder that zero-day exploits do happen, and furthermore that patching software in a timely, effective manner is a key component of ensuring customer data is protected. Ensuring third-party vendors are deploying patches and fixes in accordance with a firm’s cybersecurity policy is an important step in an overall robust security posture.
The Target: Curaçao-headquartered Stake.com offers casino and sports betting for players using cryptocurrency.
The Take: Over $40m in cryptocurrency.
The Vector: In crypto, hot wallets are less secure than cold wallets because public and private keys can be reached from the internet, enabling remote access and unauthorized activity. This appears to be what happened to Stake.com, although the firm has revealed few other details.
This breach is a stark reminder of how important authentication controls are in an overall robust cybersecurity posture, and more critically, ensuring these controls are in place on all third-party vendors which have access to a firm’s data.
Castle Hall helps investors build comprehensive due diligence programs across hedge fund, private equity and long only portfolios More →
Montreal
1080 Côte du Beaver Hall, Suite 904
Montreal, QC
Canada, H2Z 1S8
+1-450-465-8880
Halifax
84 Chain Lake Drive, Suite 501
Halifax, NS
Canada, B3S 1A2
+1-902-429-8880
Manila
Ground Floor, Three E-com Center
Mall of Asia Complex
Pasay City, Metro Manila
Philippines 1300
Sydney
Level 36 Governor Phillip Tower
1 Farrer Place Sydney 2000
Australia
+61 (2) 8823 3370
Abu Dhabi
Floor No.15 Al Sarab Tower,
Adgm Square,
Al Maryah Island, Abu Dhabi, UAE
Tel: +971 (2) 694 8510
Copyright © 2021 Entreprise Castle Hall Alternatives, Inc. All Rights Reserved.
Terms of Service and Privacy Policy