
The target: Marriage Tax Refund, a UK-based tax relief organization.
The take: 100,000 records of personally identifiable information including: full name, gender, home address, partner name and address, and refund amounts.
The attack vector: The firm had misconfigured its WordPress-based Client Management Service, exposing a directory listing containing PDF documents to the public. There was no password protection or credential management in place, meaning anyone with an internet connection could have viewed and downloaded the contents of the database.
Compromised client data management software poses a high risk for a firm. Robust credential control around software that manages personally identifiable information is critical to maintaining a firm’s security and that of its clients. This breach highlights the importance of managing the systems that hold client data and of controlling how that information is accessed and secured, and it is a critical reminder of how closely such systems need to be managed.
MSN: Cybersecurity exchange-traded funds surged Wednesday, adding to a string of gains after a high-profile hack of U.S. government systems early in the week of Dec. 13. The ETFMG Cyber Security ETF was up 1% mid-morning, and the First Trust NASDAQ Cybersecurity ETF gained 1.3%. The Global X Cybersecurity ETF jumped 1.7%. The broader market was flat ahead of a Federal Reserve press conference and a fiscal aid package decision from Congress.
Security Magazine: The coronavirus pandemic has sparked a new round of digital transformation. But in many cases, the rapid pace of digital acceleration has enlarged the digital footprint of both businesses and consumers beyond the capacity of our cybersecurity infrastructure to keep up. The scary reality is that the business impact of COVID-19 may be creating the perfect storm for a cybercrime pandemic; digital citizens will have to act aggressively to secure their data before it’s too late.
CRN: SolarWinds majority owners Silver Lake and Thoma Bravo sold $286 million of stock just before the company announced a new CEO and disclosed a cyberattack.
Claims Journal: As details of the most audacious hack on the U.S. government in recent memory continued to stun lawmakers and the public, a government watchdog released a blistering report saying that federal agencies have failed to implement key safeguards for their information technology supply chains.
Reuters: Ransomware attacks increased in terms of both severity and costs this year, forcing insurers to become more selective and even scale back on the cover they offer against cyber crimes, a report from a leading insurer showed.
Cision: In 2019, the FBI’s Internet Crime Complaint Center recorded 23,775 complaints about business email compromise (BEC), which resulted in more than $1.7 billion in losses. In the wake of COVID-19, fraudulent cybercrimes and email schemes are on the rise.
Lupa Express: The federal banking businesses are poised to suggest new guidelines that would spell out banks’ obligations to inform their regulators promptly about a data breach.
The target: The NHS, the United Kingdom’s national healthcare service provider.
The take: 284 records of personally identifiable information including: names, dates of birth, contact information, and hospital identification numbers.
The attack vector: The breach was the result of human error and internal process failure when a spreadsheet containing the personal information was accidentally emailed to thirty-one individuals outside the NHS.
This incident could have been avoided with the implementation of data classification controls – appropriate tagging of sensitive materials could have provided an additional stopgap before this document left internal systems. Ultimately, this breach serves as an important reminder that wherever sensitive personal data is in play, vetted processes should be implemented and followed, with regular training and reminders, to ensure its protection. It is an organization’s responsibility to provide the tools and training necessary to maintain safe and consistent approaches to handling data, and to impress upon staff the importance of adherence to procedure.
IMF: Kristalina Georgieva, IMF Managing Director. (Virtual) Conference on Financial Inclusion and Cybersecurity. Co-hosted by International Monetary Fund, Carnegie Endowment for International Peace, World Bank, and the World Economic Forum.
Copyright © 2021 Entreprise Castle Hall Alternatives, Inc. All Rights Reserved.