Menu
Sign In
shutterstock_490960141-1

Industry News: ESG5

    Know Your Breach: McLaren Health Care

    The Target: McLaren is a nonprofit health system in the U.S. with $6.6 billion in annual revenue, operating a network that spans 14 Michigan hospitals (2,624 beds).

    The Take: The McLaren data breach notification sample submitted to U.S. authorities confirms that full names were exposed, redacting other data types that were exposed. Therefore, the full extent of the data breach remains unclear.

    The Vector: In the notice sent to impacted individuals, McLaren Health Care admits that the incident concerned a ransomware attack, though the INC ransomware gang, believed to be responsible for the attack, is still not mentioned.

    This breach highlights the extreme importance of timely software updates for known software vulnerabilities, not only in systems directly under a firm’s control, but in third-party systems the firm relies upon as well. The longer a firm, or its vendors, hold out on deploying the most up-to-date software for their systems, the greater the chance an attacker will exploit the issue.

    Read more...

    More Than Half of Cybersecurity Professionals Told to Conceal Breaches, Survey Claims

    2025-06-25

    Tech Monitor: More than half of cybersecurity professionals globally, at 57.6%, have been pressured to keep security breaches undisclosed, according to a survey by Bitdefender.

    Read more...

    Judge Approves AT&T’s $177 Million Data Breach Settlement

    2025-06-25

    Cybersecurity Dive: The consolidated class action highlights a growing concern for business leaders: the steady escalation of cybersecurity threats and data breach costs.

    Read more...

    Securing SaaS In The Age Of AI: What CISOs Need To Know

    2025-06-25

    Forbes: AI is everywhere. It’s driving productivity, accelerating workflows and powering SaaS for every department. But while AI tools are making life easier for teams, they are also creating new opportunities for cybersecurity attacks.

    Read more...

    Cycurion Secures $8 Million In New Cybersecurity Contracts

    2025-06-25

    Investing.com: Cycurion, Inc., a cybersecurity firm with trailing twelve-month revenue of $17.4 million and current market capitalization of $12.5 million, has secured several new contracts totaling over $8 million with government and commercial clients, the company announced.

    Read more...

    Cyber Insurance Premiums Drop For First Time, Report Finds

    2025-06-24

    Cybersecurity Dive: Last year’s decrease in the premiums generated from cyber insurance represents the first such decline since the National Association of Insurance Commissioners began collecting data in 2015, according to AM Best’s report.

    Read more...

    UK Cybersecurity Startups Struggle for VC Funding Despite Surge of Threats

    2025-06-23

    Pitchbook: Even as the UK government scrambles to support the cybersecurity industry following a string of attacks, VC funding for UK cybersecurity startups is on track to hit its lowest level in a decade.

    Read more...

    US Braces for Cyberattacks After Bombing Iranian Nuclear Sites

    2025-06-23

    SecurityWeek: After the US bombed three key nuclear sites in Iran, the regime in Tehran vowed to retaliate. The Department of Homeland Security (DHS) issued a national terrorism advisory system bulletin, warning that the Iranian government has publicly condemned the United States’ involvement in the conflict and that retaliation could come in several forms.

    Read more...

    Know Your Breach: Scania

    The Target: Scania is a major Swedish manufacturer of heavy trucks, buses, and industrial and marine engines and is a member of the Volkswagen Group.

    The Take: Documents related to insurance claims were downloaded. Insurance claim documents are likely to contain personal and possibly sensitive financial or medical data, so the incident could have a significant impact on those affected. At this time, the number of exposed individuals remains undefined.

    The Vector: On the 28th and 29th of May, a perpetrator used credentials for a legitimate external user to gain access to a system used for insurance purposes; the current assumption is that the credentials used by the perpetrator were leaked by a password stealer malware.

    This breach is a stark reminder of how strong authentication controls are in an overall robust cybersecurity posture, and that good password hygiene plays a pivotal role in protection.

    Read more...

    UBS and Pictet Report Data Leak After Cyber Attack On Provider, Client Data Unaffected

    2025-06-18

    Yahoo Finance: Swiss banks UBS and Pictet said they had suffered a data leak due to a cyber attack on a provider in Switzerland that did not compromise client information, although a report said thousands of UBS workers' data was affected.

    Read more...

    Instagram Ads Mimicking BMO, EQ Bank Are Finance Scams

    2025-06-17

    Bleeping Computer: Instagram ads impersonating financial institutions like Bank of Montreal (BMO) and EQ Bank (Equitable Bank) are being used to target Canadian consumers with phishing scams and investment fraud.

    Read more...

    Tikehau Capital Leads $161 Million Push Into European defence through private equity fund

    2025-06-17

    Private Equity Insights: The fund – named Tikehau Défense et Sécurité – marks a first in the French market as a non-listed vehicle eligible for unit-linked life insurance and retirement savings products.

    Read more...

    Citing Strategic Shift, SEC Withdraws 14 Biden-Era Proposals

    2025-06-16

    Plan Adviser: The Securities and Exchange Commission has withdrawn 14 proposed rules and amendments issued between March 2022 and November 2023, under former President Joe Biden, continuing the agency’s regulatory shift under leadership appointed by President Donald Trump. 

    Read more...

    Google’s $32 Billion Wiz Deal Draws DOJ Antitrust Scrutiny: Report

    2025-06-16

    SecurityWeek: The probe, still in its early stages, will assess whether the deal would harm competition in the cybersecurity market. The publication noted that these reviews can stretch for months and may include interviews with customers, rivals, and the merging companies.

    Read more...

    Hackers Switch to Targeting U.S. Insurance Companies

    2025-06-16

    Bleeping Computer: Threat intelligence researchers are warning of hackers breaching multiple U.S. companies in the insurance industry using all the tactics observed with Scattered Spider activity.

    Read more...

    ‘We’re Being Attacked All The Time’: How UK Banks Stop Hackers

    2025-06-15

    The Guardian: It is every bank boss’s worst nightmare: a panicked phone call informs them a cyber-attack has crippled the IT system, rapidly unleashing chaos across the entire UK financial industry.

    Read more...

    Know Your Breach: Sensata

    The Target: Sensata is a global industrial tech firm specializing in missioncritical sensors, controls, and electrical protection systems. It serves the automotive, aerospace, and defense industries, among others, and has an annual revenue of over $4 billion.

    The Take: The company is now notifying an undisclosed number of impacted individuals that the following data was stolen: Full name, address, Social Security Number (SSN), driver's license number, state ID card number, passport number, financial account information, payment card information, medical information, health insurance information, date of birth.

    The Vector: Subsequent investigations into the incident supported by an external expert showed that the ransomware actors breached Sensata's network on March 28, 2025.

    This breach highlights the extreme importance of timely software updates for known software vulnerabilities, not only in systems directly under a firm’s control, but in third-party systems the firm relies upon as well. The longer a firm, or its vendors, hold out on deploying the most up-to-date software for their systems, the greater the chance an attacker will exploit the issue.

    Read more...

    Smaller Organizations Nearing Cybersecurity Breaking Point

    2025-06-12

    CSO Online: Experts quizzed by CSO said that the rapid adoption of emerging technologies — which comes with the downside of fresh vulnerabilities that cybercriminals can exploit — together with a widening skills gap is contributing to a deteriorating security outlook for small and midsize businesses (SMBs).

    Read more...

    Global Law-Enforcement Operation Targets Infostealer Malware

    2025-06-11

    Cybersecurity Dive: An international law enforcement operation has dismantled the computer infrastructure powering multiple strains of information-stealer malware.

    Read more...

    From Malware to Deepfakes, Generative AI is Transforming Attacks

    2025-06-10

    Cybersecurity Dive: Artificial intelligence is turbocharging hackers’ operations, from writing malware to preparing phishing messages. But generative AI’s much-touted impact has its limits, a cybersecurity expert said at an industry conference.

    Read more...

    Banking Groups Ask Treasury to Limit Data Collection After Cybersecurity Incidents

    2025-06-09

    PYMNTS: Four financial industry trade associations said that federal agencies should limit their data collection to “only what is necessary” after a series of cybersecurity incidents targeted those agencies.

    Read more...

    Guardz Banks $56 Million Series B for All-in-One SMB Security

    2025-06-09

    SecurityWeek: The Israeli company said the Series B raise included equity stakes for new backer Phoenix Financial and returning investors Glilot Capital Partners, SentinelOne, Hanaco Ventures, iAngels, GKFF Ventures and Lumir. 

    Read more...

    SentinelOne Shares New Details on China-Linked Breach Attempt

    2025-06-09

    Bleeping Computer: SentinelOne has shared more details on an attempted supply chain attack by Chinese hackers through an IT services and logistics firm that manages hardware logistics for the cybersecurity firm.

    Read more...

    New Trump Cybersecurity Order Reverses Biden, Obama Priorities

    2025-06-09

    Dark Reading: A June 6 cybersecurity executive order from the Trump White House takes a couple of swipes at presidential predecessors Barack Obama and Joe Biden.

    Read more...

    Know Your Breach: Lee Enterprises

    The Target: As one of the largest newspaper groups in the United States, Lee Enterprises publishes 77 daily newspapers and 350 weekly and specialty publications across 26 states.

    The Take: The information that could have been subject to unauthorized access and/or acquisition includes first and last name, as well as Social Security number.

    The Vector: The investigation determined that information may have been accessed or acquired without authorization on February 3, 2025.

    This breach is a stark reminder of how strong authentication controls are in an overall robust cybersecurity posture, and that good password hygiene plays a pivotal role in protection.

    Read more...

    Trump’s National Cyber Director Nominee Dodges Criticism of Funding Cuts

    2025-06-05

    Cybersecurity Dive: President Donald Trump’s nominee for national cyber director spent his Senate confirmation hearing calling for bold action to repel hackers but ducking questions about the impact of the administration’s proposed cybersecurity funding cuts.

    Read more...

    ThreatSpike Raises $14 Million in Series A Funding

    2025-06-04

    SecurityWeek: Founded in 2011, the London-based firm provides real-time detection and response and penetration testing capabilities in a single, unified platform that delivers enterprise-grade cybersecurity to mid-sized businesses.

    Read more...

    Microsoft Unveils Free EU Cybersecurity Program for Governments

    2025-06-04

    Bleeping Computer: Microsoft announced in Berlin a new European Security Program that promises to bolster cybersecurity for European governments.

    Read more...

    MainStreet Bank Reports Vendor Cyber Incident That Leaked Customer Info

    2025-06-02

    The Record: MainStreet Bank said a cyberattack affecting one of its vendors exposed the sensitive information of about 5% of its customers. In regulatory filings with the Securities and Exchange Commission (SEC), MainStreet Bancshares said it was informed in March that the vendor was compromised.

    Read more...

    AI Agents Observed Sharing Sensitive Corporate Data: SailPoint

    2025-06-02

    CFO Dive: The research comes as AI agents proliferate, gaining access to sensitive corporate data, including customer information, financial details, intellectual property, legal documents and supply chain transactions, the cybersecurity firm said.

    Read more...

    Report: Coinbase Learned of Data Breach in January

    2025-06-02

    PYMNTS: Coinbase reportedly knew in January about a data breach at an outsourcing company that it publicly disclosed May 14 in a filing with the Securities and Exchange Commission (SEC).

    Read more...

    Australia Begins New Ransomware Payment Disclosure Rules

    2025-06-02

    Dark Reading: Australia implemented new ransomware payment disclosure rules at the end of May, which will apply to all organizations with an annual turnover of AUS$3 million ($1.93 million).

    Read more...

    About Castle Hall Diligence

    Castle Hall helps investors build comprehensive due diligence programs across hedge fund, private equity and long only portfolios More →

    Subscribe to Cyber Updates