The Target: TMX Finance Corporate Services, the parent company of lender TitleMax. TMX, which also operates the brands TitleBucks, InstaLoan and EquityAuto Loan, has more than 1,000 locations in 18 U.S. states.
The Take: A revised data breach notification that TMX sent to victims stated that, beyond the raft of personal information it previously said had been stolen - including passport and Social Security numbers - attackers may also have stolen their credit/debit card number in combination with the security code, access code, password or PIN for the account.
The Vector: TMX previously reported detecting suspicious activity on its systems on Feb. 13. A third-party incident response firm called in to investigate found the intrusion appeared to have started in early December 2022.
This breach is a stark reminder of how important authentication controls are in an overall robust cybersecurity posture, and more critically, of ensuring these controls are in place at all third-party vendors that have access to a firm’s data.
The Target: The German Federal Bar (BRAK) Association, an umbrella organization overseeing 28 regional bars across Germany and representing about 166,000 lawyers nationally and internationally.
The Take: The organization is still trying to figure out how much information was taken involving communications from people contacting the Brussels office.
The Vector: The hackers encrypted BRAK’s mail server and exfiltrated 160 gigabytes of data.
This breach is a stark reminder of how important authentication controls are in an overall robust cybersecurity posture. As phishing actors continue to explore every potential abuse opportunity on legitimate service providers, novel security gaps constantly threaten to expose users to severe risks. It is essential not to rely solely on email protection solutions, but also to scrutinize every email that lands in your inbox, look for inconsistencies, and double-check all claims made in those messages.
The Target: Discord.io is not an official Discord site but a third-party service allowing server owners to create custom invites to their channels. Most of the community was built around the service's Discord server, with over 14,000 members.
The Take: The most sensitive information in the breach is a member's username, email address, billing address (small number of people), salted and hashed password (small number of people), and Discord ID.
The Vector: A person known as 'Akhirah' began offering the Discord.io database for sale on the new Breached hacking forums. As proof of the theft, the threat actor shared four user records from the database.
This breach is a stark reminder of how important authentication controls are in an overall robust cybersecurity posture. In particular, the information exposed here is perfect for crafting highly believable phishing campaigns as it would allow push notifications. Access monitoring and testing for every public-facing webpage are key strategies to mitigate these kinds of breaches and protect a firm’s customer base.
The Target: Salesforce, Inc., an American cloud-based software company headquartered in San Francisco, California.
The Take: The goal of the phishing kit employed in this campaign was to steal Facebook account credentials, even featuring two-factor authentication bypassing mechanisms.
The Vector: The attackers chained a flaw dubbed "PhishForce," used to bypass Salesforce's sender verification safeguards, with quirks in Facebook's web games platform to mass-send phishing emails.
As phishing actors continue to explore every potential abuse opportunity on legitimate service providers, novel security gaps constantly threaten to expose users to severe risks. It is essential not to rely solely on email protection solutions, but also to scrutinize every email that lands in your inbox, look for inconsistencies, and double-check all claims made in those messages.
The Target: Sixty-two clients of Big Four accounting firm Ernst & Young.
The Take: 3 terabytes of critical information about Ernst & Young clients, including financial reports and accounting documents in client folders, passport scans, visa scans, risk and asset management documents, contracts and agreements, credit agreements, audit reports and account balances.
The Vector: The hacking campaign came to light after the Russian-speaking cybercrime group Clop began targeting a previously unknown vulnerability in MOVEit around May 27 and May 28.
This breach highlights the extreme importance of timely software updates for known software vulnerabilities, not only in systems directly under a firm’s control, but in third-party systems the firm relies upon as well. The longer a firm, or its vendors, hold out on deploying the most up-to-date software for their systems, the greater the chance an attacker will exploit the issue.
The Target: U.S. healthcare giant HCA Healthcare, an American for-profit operator of healthcare facilities that was founded in 1968.
The Take: Patient names; address data, such as city, state and ZIP code; patient email addresses; phone numbers; dates of birth; gender; and patient service dates, such as locations, and details about next appointments.
The Vector: DataBreaches.net first reported the seller’s forum post on July 5, in which the seller claimed to have 27 million rows of information. Some of the column headers in the stolen file include data that HCA says was stolen, such as names, gender and dates of birth.
This breach is a stark reminder of how important authentication controls are in an overall robust cybersecurity posture. In particular, the information exposed here is perfect for crafting highly believable phishing campaigns as it would allow push notifications.
The Target: Senior Choice, Inc., which manages and does business as three (3) residential facilities, The Atrium (216 Main Street, Johnstown, PA 15901), Beacon Ridge (1515 Wayne Ave, Indiana, PA 15701), and The Patriot (495 W Patriot St, Somerset, PA 15501).
The Take: Personal information including names and dates of birth, medical information including diagnosis and treatment information.
The Vector: There is evidence that unauthorized actors accessed some internal systems used for business operations during the period between April 18, 2023, and April 24, 2023.
This breach is a stark reminder of how important authentication controls are in an overall robust cybersecurity posture, and more critically, of ensuring these controls are in place at all third-party vendors that have access to a firm’s data.
The Target: California’s Public Employees' Retirement System, the largest public pension fund in the U.S., managing more than $477 billion in assets for over 1.5 million public employees, retirees, and their families in California.
The Take: First and last names; dates of birth; and social security numbers. It could have also included the names of former or current employers, spouse or domestic partner, and child or children.
The Vector: The organization said that it was informed on June 6 by a third-party vendor – PBI Research Services/Berwyn Group – that data was accessed by hackers exploiting the MOVEit file transfer tool.
This breach serves as a reminder of the risks associated with third-party vendors and highlights the need for stringent security measures and oversight when handling sensitive customer information.
The Target: Intellihartx, a company providing patient balance resolution services to hospitals.
The Take: Personal information of roughly 490,000 individuals, including names, addresses, insurance data and medical billing, diagnosis and medication information, birth dates, and Social Security numbers.
The Vector: The cyberattack exploited a zero-day vulnerability in Fortra’s GoAnywhere managed file transfer software. Tracked as CVE-2023-0669 and leading to remote code execution, the flaw had been exploited starting January 28.
This breach is a critical reminder that zero-day exploits do happen, and furthermore that patching software in a timely, effective manner is a key component of ensuring customer data is protected. Ensuring third-party vendors are deploying patches and fixes in accordance with a firm’s cybersecurity policy is an important step in an overall robust security posture.
The Target: Scranton Cardiology.
The Take: Exposure of Personally Identifiable Information including: full names, physical addresses, dates of birth, social security numbers, driver’s license, passport numbers, credit card and bank number details, and some medical information.
The Vector: The breach occurred through a “brute-force” attack, in which the threat actor uses a program to sequentially try every combination against a password-protected system.
This breach is a critical reminder of the importance of standards and processes around password hygiene. Length and complexity for passwords, no matter where in a firm’s systems they are set, are crucial for a robust overall cybersecurity posture. When attackers gain access to legitimate employee credentials, they can act with all the permissions and privileges belonging to the user.
Copyright © 2021 Entreprise Castle Hall Alternatives, Inc. All Rights Reserved.