
    Industry News: ESG5

      Know Your Breach: Conduent

      The Target: Conduent is an American business process outsourcing (BPO) company that provides digital platforms and services for governments and enterprises.

      The Take: The data breach notifications state that people's names, Social Security numbers, full dates of birth, health insurance policy or ID numbers, or medical information were exposed.

      The Vector: An investigation into the scope of the data breach has now determined that the attack impacted millions of people. Furthermore, although the breach was discovered in January 2025, the environment had been compromised much earlier, on October 21, 2024.

      This breach is a stark reminder of how important strong authentication controls are in an overall robust cybersecurity posture, and that good password hygiene plays a pivotal role in protection.


      FCC Will Vote to Scrap Telecom Cybersecurity Requirements

      2025-10-30

      Yahoo News: The Federal Communications Commission will vote next month on whether to eliminate cybersecurity requirements for telecom carriers that the commission enacted under its previous leadership following sweeping Chinese government cyberattacks on telecoms.


      AI Security Firm Polygraf Raises $9.5 Million in Seed Funding

      2025-10-29

      SecurityWeek: The funding round was led by Allegis Capital, with participation from Alumni Ventures, DataPower VC, Domino Ventures and others. In addition to enabling Polygraf AI to improve its product, the new investment will be used for go-to-market efforts. 


      Ransomware Attacks Jumped 28% in September

      2025-10-28

      CFO Dive: Salesforce and Dell are among major companies that have reported ransomware attacks this year, according to news reports.


      70% of CISOs Say Internal Conflicts More Damaging Than Cyberattacks

      2025-10-28

      CSO Online: Roughly 70% of security executives believe internal conflicts during a crisis cause more problems than the cyberattack itself.


      CFOs Double Down on AI and Cybersecurity as Tariffs Emerge as Major New Threat

      2025-10-28

      Yahoo News: Tariffs and trade barriers have surged to become a top-five concern for America's Chief Financial Officers (CFOs) in 2025, with 66% expecting negative impacts on their organizations; a dramatic new challenge that wasn't even measured as a distinct priority in 2024. 


      Why Cybersecurity Needs to Be Treated as a Core Value Driver in Every Deal

      2025-10-27

      Mergers & Acquisitions (Opinion Piece): That’s a costly mistake, because in today’s risk landscape, few issues can affect enterprise value as quickly and forcefully as a cybersecurity incident.


      UN Member States Sign Cybercrime Agreement Despite Industry, Activist Opposition

      2025-10-27

      Cybersecurity Dive: Dozens of countries signed a United Nations anti-cybercrime agreement, moving the accord forward despite concerns from U.S. businesses and human-rights groups about its unintended consequences.


      Know Your Breach: Sotheby’s

      The Target: Sotheby’s is a leading global auction house for fine art and high-value items, as well as an asset-backed lending services provider.

      The Take: According to a filing the organization submitted to Maine’s AG office, the data exposed in the incident includes full names, Social Security numbers (SSNs), and financial account information.

      The Vector: “On July 24, 2025, Sotheby’s became aware that certain Sotheby’s data appeared to have been removed from our environment by an unknown actor,” reads the letter sent to impacted individuals.

      This breach is a stark reminder of how important strong authentication controls are in an overall robust cybersecurity posture, and that good password hygiene plays a pivotal role in protection.


      PE Portfolios Have Been Significantly Impacted by Cyber Security, Sustainability, or Geopolitical Risks

      2025-10-23

      European Business Magazine: Over a third of infrastructure private equity portfolios have been significantly impacted by cyber security, sustainability, regulatory, or geopolitical risks in the past three years, according to the 2025 Investor Sentiment Report: Forces of Change, published by global corporate intelligence and cyber security consultancy S-RM.


      AI Tops Cybersecurity Investment Priorities: PwC

      2025-10-22

      Funds Tech: AI has emerged as the top cybersecurity investment priority for companies navigating an evolving risk landscape, according to PwC’s 2026 Global Digital Trust Insights survey.


      AI Security Flaws Afflict Half of Organizations

      2025-10-22

      Cybersecurity Dive: EY’s new report pulls together a variety of insights about AI, from its role in the attack landscape to its integration into corporate environments. The consulting firm echoed other experts in warning that AI-powered automation is making it easier for hackers to conduct potentially costly intrusions.


      Evaluating Cybersecurity ROI For Cost Savings, Risk Mitigation And Business Resilience

      2025-10-22

      Forbes: Determining the return on investment from cybersecurity begins with a simple idea: Spending a little today can save a lot tomorrow. Through the enactment of actual attacks during penetration testing and red team exercises, organizations find valuable insight on their defenses. 


      Dataminr to Acquire ThreatConnect for $290 Million

      2025-10-21

      SecurityWeek: Dataminr has developed a platform that leverages AI to process public data signals in search of critical events and threats, both in the physical and cyber worlds. It targets events such as natural disasters, civil unrest, vulnerabilities, data leaks, and financial market-moving events.


      Attorney General James Announces Settlement with Accounting Firm for Failing to Protect New Yorkers’ Personal Data

      2025-10-20

      Office of the New York State Attorney General: New York Attorney General Letitia James today announced a settlement with a public accounting firm, Wojeski & Company (Wojeski), to strengthen its data security to protect consumers’ data.


      Liberals Announce Plan For National Financial Crime Agency Targeting Online Scams

      2025-10-20

      CBC News: The federal Liberals plan to create a financial crimes agency to tackle online scams, all part of a national anti-fraud strategy, Finance Minister François-Philippe Champagne announced.


      Know Your Breach: Discord

      The Target: Video game chat platform Discord.

      The Take: The data compromised may have included usernames, email, billing information, the last four digits of credit card numbers, IP addresses and messages with customer support.

      The Vector: The company stated that an unauthorised party had compromised one of Discord’s third-party customer service providers, leading to the access of “a limited number of users” who had been in contact with the customer service or trust and safety teams.

      This breach highlights the extreme importance of timely software updates for known software vulnerabilities, not only in systems directly under a firm’s control, but in third-party systems the firm relies upon as well. The longer a firm, or its vendors, hold out on deploying the most up-to-date software for their systems, the greater the chance an attacker will exploit the issue.


      Cybersecurity Tops CFO’s Risk Agenda With 99% Reporting Incidents and 94% Planning to Increase Spend

      2025-10-08

      Yahoo Finance: New research commissioned by global S&P500 corporate payments company, Corpay, finds that 99% of UK finance leaders surveyed have experienced payments-related cyber incidents in the past two years, exposing the fragility of legacy systems and an urgent need for change.


      Third-Party Breaches are a Wake-Up Call for Modern Cybersecurity

      2025-10-08

      Tech Radar: Cybersecurity has never been more critical than in today’s hyper-connected world, where businesses increasingly rely on third-party vendors to deliver essential services.


      Autonomous AI Hacking and the Future of Cybersecurity

      2025-10-08

      CSO Online: AI agents are now hacking computers. They’re getting better at all phases of cyberattacks, faster than most of us expected. They can chain together different aspects of a cyber operation, and hack autonomously, at computer speeds and scale. 


      Armis and Fortinet Expand Partnership to Strengthen Cyber Defenses

      2025-10-07

      Investing.com: Armis and Fortinet, a prominent cybersecurity player with a market capitalization of $66 billion and impressive gross profit margins of 81%, announced an expanded partnership aimed at simplifying security programs and strengthening cyber resilience for organizations worldwide.


      North Korean Hackers Stole Over $2 Billion In Crypto So Far in 2025, Researchers Say

      2025-10-07

      TechCrunch: Hackers working for the North Korean government have stolen more than $2 billion in crypto so far this year, according to blockchain analysis firm Elliptic.


      Public Disclosures of AI Risk Surge Among S&P 500 Companies

      2025-10-07

      Cybersecurity Dive: More than seven of every 10 public companies on the S&P 500 now flag their use of artificial intelligence as a material risk in their public disclosures, according to a report released by The Conference Board. 


      Hackers Extorting Salesforce After Stealing Data From Dozens of Customers

      2025-10-06

      SecurityWeek: A threat actor supposedly formed of members of known hacking groups has claimed the theft of large amounts of data from dozens of Salesforce customers. 


      Know Your Breach: Boyd Gaming

      The Target: Boyd Gaming is a public US casino entertainment company with 28 gaming properties in ten states.

      The Take: The threat actors were able to steal data from the company's systems, which includes information about employees and individuals.

      The Vector: In a new 8-K form filed with the US Securities and Exchange Commission (SEC), the company said it experienced a cybersecurity “incident” in which unauthorized third parties accessed its IT system.

      This breach highlights the extreme importance of timely software updates for known software vulnerabilities, not only in systems directly under a firm’s control, but in third-party systems the firm relies upon as well. The longer a firm, or its vendors, hold out on deploying the most up-to-date software for their systems, the greater the chance an attacker will exploit the issue.


      Oneleet Raises $33 Million to Shake up the World of Security Compliance

      2025-10-02

      TechCrunch: Bryan Onel’s father was a locksmith. As for Onel, he described himself as the digital equivalent. Ethical hacking was Onel’s hobby growing up. He studied AI at university and then turned that hacking hobby into a profession. 


      How AI Adoption Is Shifting The Cost Factor Of Cyberattacks

      2025-10-02

      Forbes: IBM’s "2025 Cost of a Data Breach Report" sounds an alarm for organizations racing to deploy AI without adequate safeguards. The study highlights how organizations are choosing speed and innovation over security oversight, which is translating into steeper breach costs and more-complex recovery efforts.


      Landmark US Cyber-Information-Sharing Program Expires, Bringing Uncertainty

      2025-10-01

      Cybersecurity Dive: A federal program that encourages companies to share cyber threat information expired, raising fears of significantly diminished cybersecurity collaboration between the government and the private sector.


      Databricks Enters the Cybersecurity Arena With an AI-Driven Platform

      2025-09-30

      CSO Online: Databricks is trying to carve out a bigger role in cybersecurity for itself with the launch of “Data Intelligence for Cybersecurity,” a platform aimed at unifying fragmented security data and powering AI agents against automated attacks.


      CrowdStrike Appoints Amjad Hussain as Chief Resilience Officer

      2025-09-30

      Investing.com: CrowdStrike, the $122.58 billion cybersecurity powerhouse that has delivered a remarkable 74% return to investors over the past year, announced the appointment of Amjad Hussain as chief resilience officer, a new position focused on advancing operational excellence and reliability across the cybersecurity company’s platform and business operations.


      SafeHill Emerges from Stealth With $2.6 Million Pre-Seed Funding

      2025-09-29

      SecurityWeek: The firm was founded by Mike Pena (CEO), Nicholas Gonzalez (chief revenue officer), Hector Monsegur (chief research officer), Ibrahim Karajic (VP of infrastructure), and Andy Sok (VP of product). 


      How Advanced Cybersecurity Can Help Safeguard America’s Economic Future

      2025-09-29

      Forbes: As digital ecosystems expand and global interconnectivity accelerates, cybercrime is emerging as a significant economic vulnerability. In 2020, Cybersecurity Ventures projected it would inflict $10.5 trillion in damages annually by 2025.


      About Castle Hall Diligence

      Castle Hall helps investors build comprehensive due diligence programs across hedge fund, private equity and long only portfolios.
