.jpg?width=200&height=78&name=CH%20Diligence%20(thicker%20line).jpg "CH Diligence (thicker line)")
The Target: Kaiser Permanente, a U.S based health plan and health-care provider.
The Take: Personally Identifiable health Information on 69,000 individuals, including: first and last name, medical record number, dates of service, laboratory test results.
The Vector: A threat actor gained access to compromised employee email account and acting with all the same permissions as the breached credentials, downloaded and stole the information.
This breach is a stark reminder of the importance of robust employee credential authentication and password hygiene. Performing regular monitoring on account behaviour is critical to ensure access is kept within the firm. Additionally, locking down appropriate permissions, admin access, and ensuring users only need the tools they need to do their jobs, and no more, will reduce the risk of these attacks.
Security Week: A SecurityWeek study showed that more than 430 cybersecurity mergers and acquisitions were announced in 2021. SecurityWeek will soon also publish an M&A analysis for the first half of 2022.
BNN Bloomberg: China’s cabinet stressed the need to bolster information security, following a huge leak of personal data that could be the largest cyber-attack in the country’s history.
Tech Crunch: Hotel group Marriott International has confirmed another data breach, with hackers claiming to have stolen 20 gigabytes of sensitive data, including guests’ credit card information.
The Middletown Press: Officials with a Foxborough, Mass.-based cybersecurity firm announced their company has acquired Edge Technology Group of Greenwich, which is an information technology company serving financial firms.
Dark Reading: The recent upheaval in the supply chain is unprecedented, thanks to ongoing disruptions tied to the pandemic, financial and trade sanctions stemming from Russia's war in Ukraine, cyberattacks targeting the supply chain, and other factors.
Tech Radar: The Chief Digital and Artificial Intelligence Office (CDAO), the Directorate for Digital Services and the Department of Defense Cyber Crime Center (DC3) jointly launched “Hack US”, a bounty-hunting program aimed at identifying high-severity flaws in government systems.
Forbes: When a private equity firm had acquired a midsized manufacturer late last year, little did they know that someone else had set on the same target as well. Just two months after it was purchased, a cybercriminal organization launched a crippling ransomware attack that locked up the manufacturer’s systems.
The Target: Halfords, a U.K-based automobile maintenance service.
The Take: Exposure of Personally Identifiable Information of current and past customers including: telephone number, car details, and physical address location.
The Vector: The firm’s automated confirmation email which contained a URL link for order tracking with ID in the address. By incrementing the ID number, different orders belonging to other customers were able to be freely accessed and seen.
The breach is critical reminder of the importance of credential management and authentication around points of access which expose customer data. The information stored in customer record scenarios is especially sensitive as the exposed details can greatly aid malicious actors in crafting highly targeted and effective spear-phishing campaigns. All points of access to sensitive data should be appropriately locked down, minimizing unnecessary and dangerous exposure of customer information.
CoinDesk: Watch out for phishing emails, says OpenSea, after staff at the world’s largest NFT marketplace discovered that an employee of Customer.io, a platform for managing email newsletters and campaigns, leaked the list of OpenSea customers’ emails to an outside party.
Castle Hall helps investors build comprehensive due diligence programs across hedge fund, private equity and long only portfolios More →
Montréal
1080 Côte du Beaver Hall, Suite 904
Montréal, QC
Canada, H2Z 1S8
+1-450-465-8880
Abu Dhabi
Floor No. 15 Al Sarab Tower,
Adgm Square,
Al Maryah Island, Abu Dhabi, UAE
Tel: +971 (2) 694 8510
Copyright © 2021 Entreprise Castle Hall Alternatives, Inc. All Rights Reserved.
Terms of Service and Privacy Policy