Industry News: ESG5

The Target:​ Sotheby’s is a leading global auction house for fine art and high-value items, as well as an asset-backed lending services provider.

The Take: According to a filing the organization submitted to Maine’s AG office, the data exposed in the incident includes full names, Social Security numbers (SSNs), and financial account information.

The Vector: “On July 24, 2025, Sotheby’s became aware that certain Sotheby’s data appeared to have been removed from our environment by an unknown actor,” reads the letter sent to impacted individuals.

This breach is a stark reminder of how strong authentication controls are in an overall robust cybersecurity posture, and that good password hygiene plays a pivotal role in protection.

Read more...

2025-10-23

European Business Magazine: Over a third of infrastructure private equity portfolios have been significantly impacted by cyber security, sustainability, regulatory, or geopolitical risks in the past three years, according to the 2025 Investor Sentiment Report: Forces of Change, published by global corporate intelligence and cyber security consultancy S-RM.

Read more...

2025-10-22

Funds Tech: AI has emerged as the top cybersecurity investment priority for companies navigating an evolving risk landscape, according to PwC’s 2026 Global Digital Trust Insights survey.

Read more...

2025-10-22

Cybersecurity Dive: EY’s new report pulls together a variety of insights about AI, from its role in the attack landscape to its integration into corporate environments. The consulting firm echoed other experts in warning that AI-powered automation is making it easier for hackers to conduct potentially costly intrusions.

Read more...

2025-10-22

Forbes: Determining the return on investment from cybersecurity begins with a simple idea: Spending a little today can save a lot tomorrow. Through the enactment of actual attacks during penetration testing and red team exercises, organizations find valuable insight on their defenses. 

Read more...

2025-10-21

SecurityWeek: Dataminr has developed a platform that leverages AI to process public data signals in search of critical events and threats, both in the physical and cyber worlds. It targets events such as natural disasters, civil unrest, vulnerabilities, data leaks, and financial market-moving events.

Read more...

2025-10-20

Office of the New York State Attorney General: New York Attorney General Letitia James today announced a settlement with a public accounting firm, Wojeski & Company (Wojeski), to strengthen its data security to protect consumers’ data.

Read more...

2025-10-20

CBC News: The federal Liberals plan to create a financial crimes agency to tackle online scams, all part of a national anti-fraud strategy, Finance Minister François-Philippe Champagne announced.

Read more...

The Target:​ Video game chat platform Discord.

The Take: The data compromised may have included usernames, email, billing information, the last four digits of credit card numbers, IP addresses and messages with customer support.

The Vector: The company stated that an unauthorised party had compromised one of Discord’s third-party customer service providers, leading to the access of “a limited number of users” who had been in contact with the customer service or trust and safety teams.

This breach highlights the extreme importance of timely software updates for known software vulnerabilities, not only in systems directly under a firm’s control, but in third-party systems the firm relies upon as well. The longer a firm, or its vendors, hold out on deploying the most up-to-date software for their systems, the greater the chance an attacker will exploit the issue.

Read more...

2025-10-08

Yahoo Finance: New research commissioned by global S&P500 corporate payments company, Corpay, finds that 99% of UK finance leaders surveyed have experienced payments-related cyber incidents in the past two years, exposing the fragility of legacy systems and an urgent need for change.

Read more...