
The Target: Régie Autonome des Transports Parisiens
The Take: Exposure of 3 million records of Personally Identifiable Information belonging to 60,000 employees, including full names, email addresses, source code and APIs, logins for their RATP accounts, hashed passwords and, more critically, access to the firm’s GitHub account, where attackers could access ongoing projects.
The Vector: The data was left open and accessible to the public on an unsecured SQL database backup server, allowing anyone with internet access to connect and view the sensitive information.
It is critical to employ robust practices of credential management, user authentication and validation around all points of access. An unprotected point of entry on a key piece of equipment like a server can lead to a breach with a cascading effect on data exposure. This breach highlights the multiplicative effect of such cascading pivot attacks: here, a single exposed backup server also gave up account logins and access to the firm’s GitHub account. That is why it’s important to lock down every point of access in an IT system.
U.S. News: Israel led a 10-country simulation of a major cyberattack on the global financial system in an attempt to increase cooperation that could help to minimise any potential damage to financial markets and banks.
CNBC: Financial advisors may want to view cybersecurity as a critical issue on more than one level.
Yahoo News: Hummingbird, which sells anti-money laundering software to banks and fintechs, announced today that it raised a $30 million Series B led by new investor Battery Ventures. Existing investors Flourish and Homebrew also participated in the round, alongside FinVC and Plaid co-founder William Hockey.
Politico: Senior Biden administration officials met in Silicon Valley on Monday with key technology and cybersecurity companies as part of a push for more help from the private sector in fending off increasingly aggressive hackers working for adversarial regimes and criminal gangs.
Business Wire: In the Experian ninth annual Data Breach Industry Forecast, five predictions for 2022 underscore the ongoing impact of the pandemic on cybersecurity. Cybercriminals will continue to exploit vulnerabilities within remote working and the vaccine ecosystem, but also set their sights on new targets such as online gambling.
U.S. News: A top U.S. banking regulator is cautioning firms to ensure they have robust policies to protect themselves from cyberattacks, saying in a report that it is seeing an uptick in ransomware attacks.
CNBC: Crypto trading platform Bitmart says it will use its own money to reimburse victims of a large-scale security breach, in which hackers took as much as $196 million.
The Target: Huntington Hospital, a New York-based medical center.
The Take: Exposure of 13,000 records of Personally Identifiable Information, including name, date of birth, phone number, addresses, internal account number, medical record number, diagnoses, and other treatment information.
The Vector: An employee improperly accessed this information without clearance. Nothing tied to their level of access or role within the firm prevented them from viewing the data, which exposed it.
This breach highlights the important concept of least privilege when it comes to system access and authorization. Employees should only have access to the minimum amount of information and privileges they need to perform their role. Ensuring this principle is applied at all levels of access across a firm is a key component of maintaining a robust cybersecurity posture.
CTV News: The Office of the Secretary to Gov. Gen. Mary Simon says that there’s been an ‘unauthorized access to its internal network,’ with the scope of the breach still under investigation.
Copyright © 2021 Entreprise Castle Hall Alternatives, Inc. All Rights Reserved.