.png?width=200&height=78&name=CH%20Diligence%20(thicker%20line).png "CH Diligence (thicker line).png")
The Target: SK Telecom is the largest mobile network operator in South Korea, holding approximately 48.4% of the mobile phone service market in the country, corresponding to 34 million subscribers.
The Take: USIM data is information stored on a Universal Subscriber Identity Module (USIM), which typically includes International Mobile Subscriber Identity (IMSI), Mobile Station ISDN Number (MSISDN), authentication keys, network usage data, and SMS or contacts if stored on the SIM. This data could be used for targeted surveillance, tracking, and SIM-swap attacks.
The Vector: A malware infection allowed threat actors to access sensitive USIM-related information for customers.
This breach highlights the extreme importance of timely software updates for known software vulnerabilities, not only in systems directly under a firm’s control, but in third-party systems the firm relies upon as well. The longer a firm, or its vendors, hold out on deploying the most up-to-date software for their systems, the greater the chance an attacker will exploit the issue.
MSN/Reuters: Computer and cloud security startup Chainguard said its latest funding round valued it at $3.5 billion, almost tripling in less than a year, underscoring sustained investor appetite for robust digital infrastructure.
SecurityWeek: The reported losses increased 33% compared to 2023, but the number of complaints received by the IC3 was slightly lower in 2024, at nearly 860,000 (compared to over 880,000 the year before).
Cybersecurity Dive: Cybersecurity risks are a top concern for business leaders globally, especially as ongoing AI additions expand the attack surface and make techniques like phishing more accessible for novice bad actors.
Yahoo Finance: Small and medium businesses are the latest targets for cybersecurity attacks, with one in three small businesses experiencing a data breach last year.
PYMNTS: The image of a hacker furiously typing strings of code to brute-force their way into a corporate server is becoming outdated. Today, the most dangerous cyber intrusions can come not from forced entries, but from front doors to organizational perimeters being quietly opened with valid credentials.
TechCrunch: The tech market doesn’t need to be soaring up and to the right to foster healthy M&A activity. Deals can get done even in down markets. But can M&A thrive in an uncertain market? That’s a harder question.
Dark Reading: As the Trump administration continues to pursue a chaotic tariff policy — announcing steep tariffs on the United States' major trading partners, only to pause most of the import taxes for 90 days — economists are increasingly predicting a recession in the next 12 months.
The Target: Car rental giant Hertz
The Take: The stolen data varies by region, but largely includes Hertz customer names, dates of birth, contact information, driver’s licenses, payment card information, and workers’ compensation claims. Hertz said a smaller number of customers had their Social Security numbers taken in the breach, along with other government-issued identification numbers.
The Vector: The company attributed the breach to a vendor, software maker Cleo, which last year was at the center of a mass-hacking campaign by a prolific Russia-linked ransomware gang. Hertz is one of dozens of companies that used Cleo’s software at the time of their data thefts. The Clop ransomware gang claimed last year to have exploited a zero-day vulnerability in Cleo’s widely used enterprise file transfer products, which allow companies to share large sets of sensitive data over the internet. By breaching these systems, the hackers stole reams of data from Cleo’s corporate customers.
This breach is critical reminder that zero-day exploits do happen, and furthermore that patching software in a timely, effective manner is a key component of ensuring customer data is protected. Ensuring third-party vendors are deploying patches and fixes in accordance with a firm’s cybersecurity policy is an important step in an overall robust security posture.
CSO Online: Generative AI’s many benefits come with the drawback of data security risks, primarily through shadow AI use and the leakage of sensitive information.
Cybersecurity Dive: Two federal lawmakers today introduced a bipartisan bill that preserves key regulation that facilitates the sharing of cyber-threat data between private companies and the federal government.
Bleeping Computer: CISA says the U.S. government has extended MITRE's funding to ensure no continuity issues with the critical Common Vulnerabilities and Exposures (CVE) program.
Investing.com: Christopher Krebs, whom President Donald Trump fired as head of the Cybersecurity and Infrastructure Security Agency in 2020, said he is leaving cybersecurity company SentinelOne following pressure from the White House.
Crunchbase: After successive quarters of decline, venture funding to cybersecurity startups nudged up in the first quarter — and could see even more investment after having the largest acquisition of a private, venture-backed company ever.
PR Newswire: New research from Ernst & Young LLP highlights significant financial risks posed by today's evolving cybersecurity threat landscape, with alarming disconnects across the C-suite on exposure levels, threat sources and more.
PYMNTS.com: A Bloomberg report says that JPMorgan Chase and Bank of New York Mellon have scaled back electronic information sharing with the Office of the Comptroller of the Currency (OCC) following a significant breach of the regulator’s email system.
The Target: Sensata Technologies is an industrial technology company that develops, manufactures, and sells a wide range of sensors and sensor-rich solutions, as well as electrical protection components and systems.
The Take: A preliminary investigation with assistance from external cybersecurity experts confirmed that the hackers have exfiltrated data from the company network.
The Vector: Data theft is a common tactic used by ransomware actors to extort victims, increase pressure to pay a ransom, and create legal and regulatory complexities. Currently, Sensata is still determining what files were stolen in the attack and will notify impacted individuals and regulatory authorities as needed, based on the results of its investigation.
This breach is a stark reminder of how strong authentication controls are in an overall robust cybersecurity posture, and that good password hygiene plays a pivotal role in protection.
Cybersecurity Dive: Attackers gained access to emails containing sensitive government data related to financial institutions in a cyberattack on the Department of the Treasury’s Office of the Comptroller of the Currency (OCC), in what the agency characterized as a “major incident.”
TechFundingNews: Hawk, the Munich-based AI-driven compliance platform, has announced a $56 million Series C funding round to accelerate its mission of transforming how financial institutions detect and prevent money laundering, sanctions breaches, and fraud.
Business Wire: Radiant Logic (“the Company”), a pioneer in Identity Security Posture Management (“ISPM”) solutions, announced a strategic growth investment from Ridgeview Partners (“Ridgeview”), a growth-oriented technology private equity firm.
Yahoo Finance: Cybereco is thrilled to announce that it has received a generous financial contribution of $500,000 from Desjardins. This vital support is provided through the GoodSpark Fund and will help Cybereco strengthen its capacities and carry out projects focusing on innovation and codevelopment to further develop Canada's cybersecurity industry.
PYMNTS.com: AI cybersecurity startup Octane has emerged from stealth and announced it secured $6.75 million in a seed funding round.
CSO Online: The introduction of new US tariffs has significantly rattled the US cybersecurity sector, reducing the stock market valuations of cybersecurity companies by tens of billions of dollars and sparking concerns that organizations may be forced to cut cybersecurity spending.
Tech.eu: UK venture capital firm Osney Capital announced the first close of its debut fund to invest in the UK’s most promising cyber security startups. This fund is the UK’s first specialist cyber security seed fund, and it is oversubscribed from its original target of £50 million.
The Target: American software giant Oracle.
The Take: The compromised data includes usernames, passkeys, and encrypted passwords, which Oracle staff revealed to some clients.
The Vector: A hacker infiltrated a computer system, resulting in the theft of old client log-in credentials, according to Bloomberg News, citing two people familiar with the matter.
This breach is a stark reminder of how strong authentication controls are in an overall robust cybersecurity posture, and that good password hygiene plays a pivotal role in protection.
The Guardian: Hackers have targeted Australian superannuation funds, with a small number of customers losing a combined half a million dollars, and compromising some members’ data, the industry’s peak body says.
Wealth Briefing Asia: Family offices are already feeling the impact of weak cybersecurity. As reported in a survey by Deloitte, the accountancy and professional services giant, found that almost half (43 per cent) of family offices around the world – a sector estimated to hold more than $3 trillion in total AuM – have suffered a cyberattack in the past two years.
Dark Reading: Japan has passed the Active Cyber Defense Bill, which will allow its military and law enforcement to take preemptive measures to combat cyber threats.
The Record: Russian President Vladimir Putin signed a law aimed at protecting citizens from cyber fraud, as financial cybercrime reportedly reached record levels in the country.
Business Wire: ReliaQuest, a leader in AI-powered security operations, announced a new funding round of more than $500 million led by EQT, KKR and FTV Capital, with participation from other existing investors Ten Eleven Ventures and Finback Investment Partners.
Cybersecurity Dive: Enterprises are pouring more money and resources into AI initiatives, whether it’s tapping new services, getting legacy systems ready for integration or training employees on how to best use the technology.
SecurityWeek: The investment, part of the Digital Europe Programme for 2025-2027, aims to drive digital technology advancements in the European Union. Part of the €1.3 billion funding will be allocated to cybersecurity, specifically for boosting cyber resilience in the EU.
Castle Hall helps investors build comprehensive due diligence programs across hedge fund, private equity and long only portfolios More →
Montreal
1080 Côte du Beaver Hall, Suite 904
Montreal, QC
Canada, H2Z 1S8
+1-450-465-8880
Halifax
168 Hobsons Lake Drive Suite 301
Beechville, NS
Canada, B3S 0G4
Tel: +1 902 429 8880
Manila
10th Floor, Two Ecom Center
Mall of Asia Complex
Harbor Dr, Pasay, 1300 Metro Manila
Philippines
Sydney
Level 15 Grosvenor Place
225 George Street, Sydney NSW 2000
Australia
Tel: +61 (2) 8823 3370
Abu Dhabi
Floor No. 15 Al Sarab Tower,
Adgm Square,
Al Maryah Island, Abu Dhabi, UAE
Tel: +971 (2) 694 8510
Prague
2nd Floor, The Park
V Parku 8
Chodov, Praha, 148 00
Czech Republic
Copyright © 2021 Entreprise Castle Hall Alternatives, Inc. All Rights Reserved.
Terms of Service and Privacy Policy