.png?width=200&height=78&name=CH%20Diligence%20(thicker%20line).png "CH Diligence (thicker line).png")
The Target: Philadelphia Indemnity Insurance designs, markets, and underwrites commercial property/casualty and professional liability insurance products.
The Take: Philadelphia Indemnity launched an investigation and determined by July 9 that the stolen data included names, driver’s license numbers and dates of birth, according to the breach notice.
The Vector: An unauthorized party accessed customer data during an intrusion discovered between June 9 and June 10, according to the disclosure. The company previously called the incident a network outage, however it said there was no ransomware and no encryption.
This breach is a stark reminder of how strong authentication controls are in an overall robust cybersecurity posture, and that good password hygiene plays a pivotal role in protection.
BNN Bloomberg: The average cost of a breach between March 2024 and February 2025 was $6.4 million, down from $6.6 million a year earlier, showed research released from technology giant IBM and the Ponemon Institute, a U.S.-based cybersecurity research centre.
Yahoo Finance: A growing number of enterprises in Australia are taking a centralized, cloud-based approach to cybersecurity amid rising threats, many of which involve AI, according to a new research report published today by Information Services Group (ISG), a global AI-centered technology research and advisory firm.
CNBC: CyberArk shareholders, for each of their shares, will get $45 cash and 2.2005 shares of Palo Alto. The deal is expected to close during Palo Alto Networks’ fiscal 2026.
Korea Times: Commercial lenders are finding it difficult to fully integrate generative artificial intelligence (AI) technologies into their financial services, impeded by the current regulation that prohibits the use of full, unencrypted personal credit information, market watchers said.
PR Newswire: AXA XL, a leading provider of cyber insurance, is proud to announce the launch of a new suite of proactive cybersecurity assessment offerings for its cyber policyholders in North America, in collaboration with Fenix24, a global leader in ransomware response and recovery.
Cybersecurity Dive: Allianz Life Insurance Company of North America disclosed a massive data breach affecting most of the firm’s 1.4 million U.S. customers, professionals and select employees.
TechCrunch: During the first few months of the new Trump administration, the White House slashed cybersecurity budgets, staff, and initiatives. And some, including cybersecurity experts and legislators, are not happy about it.
The Target: Ahold Delhaize, one of the world's largest food retail chains. The multinational retailer and wholesale company operates over 9,400 local stores across Europe, the United States, and Indonesia, employing more than 393,000 people and serving approximately 60 million customers each week in-store and online.
The Take: The company added that the stolen items vary for each affected individual and that the stolen documents contain a combination of personal information such as name, contact information, financial account information, health information and employment-related information.
The Vector: In a filing with Maine's Attorney General, the retail giant revealed that the attackers behind the November breach stole the data of 2,242,521 individuals after gaining access to the company's internal U.S. business systems on November 6, 2024.
This breach is critical reminder that zero-day exploits do happen, and furthermore that patching software in a timely, effective manner is a key component of ensuring customer data is protected. Ensuring third-party vendors are deploying patches and fixes in accordance with a firm’s cybersecurity policy is an important step in an overall robust security posture.
Hedge Week: The Globe and Mail report cites the firm as revealing the breach in a letter to investors this week, stating that an unauthorised party accessed data through a third-party IT provider, rather than directly penetrating Waratah’s internal network.
Investing.com: Rapid7, Inc., a cybersecurity company generating $849 million in annual revenue with healthy gross margins of 71%, announced the release of Active Patching, a new automated patching and remediation solution integrated into its Exposure Command platform.
Dark Reading: Darktrace has acquired Mira Security, a startup that provides network traffic visibility solutions. Financial terms were not disclosed. The acquisition will strengthen Darktrace's network security portfolio through improved insights into encrypted network traffic, the company said.
Cointelegraph: US House Republicans are seeking to cut the Securities and Exchange Commission’s 2026 budget by 7%, while axing funds for enforcing a Biden-era rule that requires public companies to disclose cyber incidents.
Financial Newswire: The Australian Securities and Investments Commission (ASIC) has initiated legal action over Fortnum Private Wealth alleging it failed to properly manage and mitigate cyber security risks.
CNBC: Microsoft has warned of “active attacks” targeting its SharePoint collaboration software, with security researchers noting that organizations worldwide stand to be affected by the breach.
CSO Online: That headline ran atop a CSO story published in 2016. Nine years later, the prediction feels closer to coming true — with questions around jobs being replaced or redefined and whether cybersecurity pros should be worried taking on greater nuance, and still hanging in the balance.
The Target: Slim CD is a provider of payment processing solutions that enables businesses to access electronic and card payments via web-based terminals, mobile, or desktop apps.
The Take: The types of data that may have been accessed by the unauthorized party include: full name, physical address, credit card number and payment card expiration date.
The Vector: The firm first detected suspicious activity on its systems this year on June 15. During the investigation, the company discovered that hackers had gained access to its network since August 17, 2023.
This breach highlights the extreme importance of timely software updates for known software vulnerabilities, not only in systems directly under a firm’s control, but in third-party systems the firm relies upon as well. The longer a firm, or its vendors, hold out on deploying the most up-to-date software for their systems, the greater the chance an attacker will exploit the issue.
Sky News: Sky News has learnt that NCC has engaged bankers at Rothschild to examine options for its cybersecurity arm, with a sale among the possible options being considered.
Dark Reading: Last year, breaches resulting from exploited vulnerabilities increased 180%, while the average cost of a data breach the US topped nearly $5 million.
Crunchbase: Cybersecurity was a hot area for venture investment in the first half of 2025, with total funding to the space hitting its highest level in three years.
Yahoo Finance/Reuters: Italian tech firm Exein said a pick up in European defence spending was supporting its domestic growth, as it closed a funding round aimed at global expansion.
Business Wire: Nautic Partners, LLC (“Nautic”) is pleased to announce that, in partnership with management, it has closed the acquisition of AccessIT Group, Inc. (“AccessIT”) as a new platform investment.
Yahoo Finance/Reuters: European Central Bank supervisors are focusing on issues ranging from tariffs to cyber attacks and a possible dollar shortage as they assess potential risks to the region's banking industry, five senior central bank officials told Reuters.
TechCrunch: The Trump administration, through the Department of Defense, plans to spend $1 billion over the next four years on what it calls “offensive cyber operations.”
The Target: Crypto ATM operator Bitcoin Depot
The Take: Bitcoin Depot said in its notice to customers that the breach involved their name, phone number, driver’s license number and could have also included addresses, birth dates and emails.
The Vector: On July 18, 2024, the cybersecurity firm finished its investigation and “confirmed that an unauthorized party accessed files containing personal information of certain customers,” according to a spokesperson and the customer notice.
This breach is a stark reminder of how strong authentication controls are in an overall robust cybersecurity posture, and that good password hygiene plays a pivotal role in protection.
Business Wire: Cyberstarts, the leading early-stage cybersecurity venture firm, announced the launch of a $300 million Employee Liquidity Fund.
CSO Online: Donald Trump's sprawling tax bill, which he signed on July 4, contained a few noteworthy cyber funding items, including $250 million for US Cyber Command to spend on “artificial intelligence lines of effort.”
Investing.com: HgCapital Trust plc announced it will invest approximately £48 million in A-LIGN, a provider of cyber compliance services, as part of a larger acquisition by Hg.
Private Equity Wire: Cyber security consulting firm S-RM’s latest study, based on a survey of 100 PE professionals across the UK, Europe, and the US, reveals that 72% of respondents have experienced a serious cyber incident across their portfolios in the past three years – highlighting cyber attacks as systemic risks that span entire investment ecosystems.
Cybersecurity Dive: The Securities and Exchange Commission has reached a settlement with SolarWinds and the company’s chief information security officer, Timothy Brown, to resolve charges stemming from the Russian-backed cyberattack on the company’s systems.
Bleeping Computer: Hackers stole nearly $140 million from six banks in Brazil by using an employee's credentials from C&M, a company that offers financial connectivity solutions.
Dark Reading: Ingram Micro, one of the world's largest IT distributors, has confirmed it suffered a ransomware attack that sparked a worldwide outage of its services.
The Target: Kelly Benefits is a provider of benefits consulting, enrollment technology, payroll administration, HRIS, compliance support, and carrier management.
The Take: The data breach notice sent to impacted individuals informs recipients of the specific data types impacted by the breach, which vary per person. However, the general notice published on the site says that the compromised info may contain full names, Social Security number, tax ID number, date of birth, medical information, health insurance information, and financial account information.
The Vector: The Maryland-based health and life insurance agency has issued an update on a security incident it suffered last year between December 12-17, when unauthorized actors breached its IT systems and stole files. On April 9, 2025, the company stated that the incident impacted 32,234 individuals. The figure was revised multiple times until the final tally shared with authorities in the U.S. counted 553,660 individuals.
This breach is a stark reminder of how strong authentication controls are in an overall robust cybersecurity posture, and that good password hygiene plays a pivotal role in protection.
Cybersecurity Dive: As commercial spyware proliferates and hackers linked to U.S. adversaries step up their attempts to breach high-profile American targets, one U.S. senator says the FBI isn’t doing enough to help lawmakers protect themselves.
TechCrunch: Max Financial Services said its insurance subsidiary Axis Max Life Insurance received communication from an anonymous sender about unauthorized access to its customer data.
CIO Dive: CIOs are under pressure to move AI projects along faster and demonstrate the corresponding value, but a need for speed doesn’t always translate to sustainable momentum.
Cointelegraph: Four North Korean nationals were charged in the state of Georgia with wire fraud and money laundering after posing as remote IT workers at US and Serbian blockchain companies and stealing almost $1 million in crypto, prosecutors said.
Dark Reading: The ransomware scourge has forced cyber insurers to re-examine how they use security assessments. While the threat has been around for years, it's only fairly recently that cybercriminals realized how profitable ransomware attacks could be.
GlobeNewswire: The global cybersecurity market was valued at US$ 233.4 billion in 2024 and is expected to reach US$ 723.8 billion by 2033, growing at a CAGR of 13.40% during the forecast period.
European Pensions: The Danish insurance and pension industries have outlined eight concrete proposals to strengthen cybersecurity, given the country's particular vulnerabilities in this area, according to Insurance and Pension Denmark (I&P Denmark).
Castle Hall helps investors build comprehensive due diligence programs across hedge fund, private equity and long only portfolios More →
Montreal
1080 Côte du Beaver Hall, Suite 904
Montreal, QC
Canada, H2Z 1S8
+1-450-465-8880
Halifax
168 Hobsons Lake Drive Suite 301
Beechville, NS
Canada, B3S 0G4
Tel: +1 902 429 8880
Manila
10th Floor, Two Ecom Center
Mall of Asia Complex
Harbor Dr, Pasay, 1300 Metro Manila
Philippines
Sydney
Level 15 Grosvenor Place
225 George Street, Sydney NSW 2000
Australia
Tel: +61 (2) 8823 3370
Abu Dhabi
Floor No. 15 Al Sarab Tower,
Adgm Square,
Al Maryah Island, Abu Dhabi, UAE
Tel: +971 (2) 694 8510
Copyright © 2021 Entreprise Castle Hall Alternatives, Inc. All Rights Reserved.
Terms of Service and Privacy Policy