.png?width=200&height=78&name=CH%20Diligence%20(thicker%20line).png "CH Diligence (thicker line).png")
The Target: Western Alliance is a wholly owned subsidiary of Western Alliance Bancorporation, a leading U.S. banking company with over $80 billion in assets.
The Take: An analysis of the stolen files concluded on February 21, 2025, and found they contained customer personal information, including names and Social Security numbers, as well as their dates of birth, financial account numbers, driver's license numbers, tax identification numbers, and/or passport information if it was provided to Western Alliance.
The Vector: The bank first revealed in a February SEC filing that the attackers exploited a zero-day vulnerability in the third-party software (disclosed by the vendor on October 27, 2024) to hack a limited number of Western Alliance systems and exfiltrate files stored on the compromised devices.
This breach is critical reminder that zero-day exploits do happen, and furthermore that patching software in a timely, effective manner is a key component of ensuring customer data is protected. Ensuring third-party vendors are deploying patches and fixes in accordance with a firm’s cybersecurity policy is an important step in an overall robust security posture.
Yahoo News/Reuters: Hong Kong passed a cybersecurity law to regulate operators of critical infrastructure, forcing them to strengthen computer systems and report cybersecurity incidents or risk penalties of up to HK$5 million ($640,000).
Dark Reading: Cybersecurity is at an inflection point. As threats grow in complexity and regulatory scrutiny increases, leadership in the industry is evolving. I know this firsthand: If you had told me years ago that I'd be leading a cybersecurity company, I probably wouldn't have believed you.
Yahoo Finance: Wiz backer Sequoia Capital is poised to deliver a return of about 25 times its invested capital from the cybersecurity startup’s pending sale to Google parent Alphabet Inc., according to a person with knowledge of the matter.
The Guardian: Google’s owner, Alphabet, has agreed to buy the cybersecurity group Wiz for $32bn (£24.7bn), the biggest acquisition it has ever made.The search company’s purchase of the Israeli startup comes as Google attempts to catch its competitors Microsoft and Amazon in the competitive cloud services market.
Business Wire: Resecurity, a U.S.-based cybersecurity company protecting Fortune 500 companies and government agencies globally, has announced a strategic partnership with the Union of Arab Banks (UAB) to enhance cybersecurity capabilities, fraud prevention and threat intelligence sharing across the Arab banking and financial sectors.
GlobeNewswire: Ciso Global Inc., a leader in AI-powered security software, managed cybersecurity, and compliance, announced the product launch of CISO Edge, its next-generation AI-driven cloud security solution, now available to existing customers and channel partners.
Business Wire: Brighton Park Capital (“Brighton Park”), an investment firm focused on entrepreneur-led, growth-stage companies in software and healthcare, announced a growth investment in HITRUST, the leader in information security assurance for risk management and compliance.
The Target: The Japanese information and communication technology provider NTT Communications Corporation (NTT Com).
The Take: The threat actor, the company says, exfiltrated information on 17,891 customer companies, including contract numbers, customer names, contact names, phone numbers, email addresses, physical addresses, and information on service usage.
The Vector: The incident, the telecoms firm says, occurred on February 5, when an unnamed threat actor accessed its internal systems, including those hosting information on services provided to customer companies.
This breach highlights the extreme importance of timely software updates for known software vulnerabilities, not only in systems directly under a firm’s control, but in third-party systems the firm relies upon as well. The longer a firm, or its vendors, hold out on deploying the most up-to-date software for their systems, the greater the chance an attacker will exploit the issue.
MSN: The Australian securities watchdog said it is taking fixed-income broker FIIG to court, alleging it failed to implement adequate cybersecurity measures over a four-year period, enabling a hacker to infiltrate its IT network.
Castle Hall helps investors build comprehensive due diligence programs across hedge fund, private equity and long only portfolios More →
Montreal
1080 Côte du Beaver Hall, Suite 904
Montreal, QC
Canada, H2Z 1S8
+1-450-465-8880
Halifax
168 Hobsons Lake Drive Suite 301
Beechville, NS
Canada, B3S 0G4
Tel: +1 902 429 8880
Manila
10th Floor, Two Ecom Center
Mall of Asia Complex
Harbor Dr, Pasay, 1300 Metro Manila
Philippines
Sydney
Level 15 Grosvenor Place
225 George Street, Sydney NSW 2000
Australia
Tel: +61 (2) 8823 3370
Abu Dhabi
Floor No. 15 Al Sarab Tower,
Adgm Square,
Al Maryah Island, Abu Dhabi, UAE
Tel: +971 (2) 694 8510
Prague
2nd Floor, The Park
V Parku 8
Chodov, Praha, 148 00
Czech Republic
Copyright © 2021 Entreprise Castle Hall Alternatives, Inc. All Rights Reserved.
Terms of Service and Privacy Policy