.png?width=200&height=78&name=CH%20Diligence%20(thicker%20line).png "CH Diligence (thicker line).png")
The Target: McLaren is a nonprofit health system in the U.S. with $6.6 billion in annual revenue, operating a network that spans 14 Michigan hospitals (2,624 beds).
The Take: The McLaren data breach notification sample submitted to U.S. authorities confirms that full names were exposed, redacting other data types that were exposed. Therefore, the full extent of the data breach remains unclear.
The Vector: In the notice sent to impacted individuals, McLaren Health Care admits that the incident concerned a ransomware attack, though the INC ransomware gang, believed to be responsible for the attack, is still not mentioned.
This breach highlights the extreme importance of timely software updates for known software vulnerabilities, not only in systems directly under a firm’s control, but in third-party systems the firm relies upon as well. The longer a firm, or its vendors, hold out on deploying the most up-to-date software for their systems, the greater the chance an attacker will exploit the issue.
Tech Monitor: More than half of cybersecurity professionals globally, at 57.6%, have been pressured to keep security breaches undisclosed, according to a survey by Bitdefender.
Cybersecurity Dive: The consolidated class action highlights a growing concern for business leaders: the steady escalation of cybersecurity threats and data breach costs.
Forbes: AI is everywhere. It’s driving productivity, accelerating workflows and powering SaaS for every department. But while AI tools are making life easier for teams, they are also creating new opportunities for cybersecurity attacks.
Investing.com: Cycurion, Inc., a cybersecurity firm with trailing twelve-month revenue of $17.4 million and current market capitalization of $12.5 million, has secured several new contracts totaling over $8 million with government and commercial clients, the company announced.
Cybersecurity Dive: Last year’s decrease in the premiums generated from cyber insurance represents the first such decline since the National Association of Insurance Commissioners began collecting data in 2015, according to AM Best’s report.
Pitchbook: Even as the UK government scrambles to support the cybersecurity industry following a string of attacks, VC funding for UK cybersecurity startups is on track to hit its lowest level in a decade.
SecurityWeek: After the US bombed three key nuclear sites in Iran, the regime in Tehran vowed to retaliate. The Department of Homeland Security (DHS) issued a national terrorism advisory system bulletin, warning that the Iranian government has publicly condemned the United States’ involvement in the conflict and that retaliation could come in several forms.
The Target: Scania is a major Swedish manufacturer of heavy trucks, buses, and industrial and marine engines and is a member of the Volkswagen Group.
The Take: Documents related to insurance claims were downloaded. Insurance claim documents are likely to contain personal and possibly sensitive financial or medical data, so the incident could have a significant impact on those affected. At this time, the number of exposed individuals remains undefined.
The Vector: On the 28th and 29th of May, a perpetrator used credentials for a legitimate external user to gain access to a system used for insurance purposes; the current assumption is that the credentials used by the perpetrator were leaked by a password stealer malware.
This breach is a stark reminder of how strong authentication controls are in an overall robust cybersecurity posture, and that good password hygiene plays a pivotal role in protection.
Yahoo Finance: Swiss banks UBS and Pictet said they had suffered a data leak due to a cyber attack on a provider in Switzerland that did not compromise client information, although a report said thousands of UBS workers' data was affected.
Bleeping Computer: Instagram ads impersonating financial institutions like Bank of Montreal (BMO) and EQ Bank (Equitable Bank) are being used to target Canadian consumers with phishing scams and investment fraud.
Private Equity Insights: The fund – named Tikehau Défense et Sécurité – marks a first in the French market as a non-listed vehicle eligible for unit-linked life insurance and retirement savings products.
Plan Adviser: The Securities and Exchange Commission has withdrawn 14 proposed rules and amendments issued between March 2022 and November 2023, under former President Joe Biden, continuing the agency’s regulatory shift under leadership appointed by President Donald Trump.
SecurityWeek: The probe, still in its early stages, will assess whether the deal would harm competition in the cybersecurity market. The publication noted that these reviews can stretch for months and may include interviews with customers, rivals, and the merging companies.
Bleeping Computer: Threat intelligence researchers are warning of hackers breaching multiple U.S. companies in the insurance industry using all the tactics observed with Scattered Spider activity.
The Guardian: It is every bank boss’s worst nightmare: a panicked phone call informs them a cyber-attack has crippled the IT system, rapidly unleashing chaos across the entire UK financial industry.
The Target: Sensata is a global industrial tech firm specializing in mission‑critical sensors, controls, and electrical protection systems. It serves the automotive, aerospace, and defense industries, among others, and has an annual revenue of over $4 billion.
The Take: The company is now notifying an undisclosed number of impacted individuals that the following data was stolen: Full name, address, Social Security Number (SSN), driver's license number, state ID card number, passport number, financial account information, payment card information, medical information, health insurance information, date of birth.
The Vector: Subsequent investigations into the incident supported by an external expert showed that the ransomware actors breached Sensata's network on March 28, 2025.
This breach highlights the extreme importance of timely software updates for known software vulnerabilities, not only in systems directly under a firm’s control, but in third-party systems the firm relies upon as well. The longer a firm, or its vendors, hold out on deploying the most up-to-date software for their systems, the greater the chance an attacker will exploit the issue.
CSO Online: Experts quizzed by CSO said that the rapid adoption of emerging technologies — which comes with the downside of fresh vulnerabilities that cybercriminals can exploit — together with a widening skills gap is contributing to a deteriorating security outlook for small and midsize businesses (SMBs).
Cybersecurity Dive: An international law enforcement operation has dismantled the computer infrastructure powering multiple strains of information-stealer malware.
Cybersecurity Dive: Artificial intelligence is turbocharging hackers’ operations, from writing malware to preparing phishing messages. But generative AI’s much-touted impact has its limits, a cybersecurity expert said at an industry conference.
PYMNTS: Four financial industry trade associations said that federal agencies should limit their data collection to “only what is necessary” after a series of cybersecurity incidents targeted those agencies.
SecurityWeek: The Israeli company said the Series B raise included equity stakes for new backer Phoenix Financial and returning investors Glilot Capital Partners, SentinelOne, Hanaco Ventures, iAngels, GKFF Ventures and Lumir.
Bleeping Computer: SentinelOne has shared more details on an attempted supply chain attack by Chinese hackers through an IT services and logistics firm that manages hardware logistics for the cybersecurity firm.
Dark Reading: A June 6 cybersecurity executive order from the Trump White House takes a couple of swipes at presidential predecessors Barack Obama and Joe Biden.
The Target: As one of the largest newspaper groups in the United States, Lee Enterprises publishes 77 daily newspapers and 350 weekly and specialty publications across 26 states.
The Take: The information that could have been subject to unauthorized access and/or acquisition includes first and last name, as well as Social Security number.
The Vector: The investigation determined that information may have been accessed or acquired without authorization on February 3, 2025.
This breach is a stark reminder of how strong authentication controls are in an overall robust cybersecurity posture, and that good password hygiene plays a pivotal role in protection.
Cybersecurity Dive: President Donald Trump’s nominee for national cyber director spent his Senate confirmation hearing calling for bold action to repel hackers but ducking questions about the impact of the administration’s proposed cybersecurity funding cuts.
SecurityWeek: Founded in 2011, the London-based firm provides real-time detection and response and penetration testing capabilities in a single, unified platform that delivers enterprise-grade cybersecurity to mid-sized businesses.
Bleeping Computer: Microsoft announced in Berlin a new European Security Program that promises to bolster cybersecurity for European governments.
The Record: MainStreet Bank said a cyberattack affecting one of its vendors exposed the sensitive information of about 5% of its customers. In regulatory filings with the Securities and Exchange Commission (SEC), MainStreet Bancshares said it was informed in March that the vendor was compromised.
CFO Dive: The research comes as AI agents proliferate, gaining access to sensitive corporate data, including customer information, financial details, intellectual property, legal documents and supply chain transactions, the cybersecurity firm said.
PYMNTS: Coinbase reportedly knew in January about a data breach at an outsourcing company that it publicly disclosed May 14 in a filing with the Securities and Exchange Commission (SEC).
Dark Reading: Australia implemented new ransomware payment disclosure rules at the end of May, which will apply to all organizations with an annual turnover of AUS$3 million ($1.93 million).
