.png?width=200&height=78&name=CH%20Diligence%20(thicker%20line).png "CH Diligence (thicker line).png")
The Target: Comcast is an American mass media, telecommunications, and entertainment multinational company, and the fourth-largest telecom firm in the world by revenue, after AT&T, Verizon, and China Mobile.
The Take: The threat actors stole personal and financial information between February 14 and February 26, including the names, addresses, Social Security numbers, dates of birth, and Comcast account numbers of affected current and former customers.
The Vector: The breach occurred in February 2024, when attackers hacked into the systems of Financial Business and Consumer Solutions (FBCS), a debt collector Comcast had stopped using two years earlier.
This breach highlights the extreme importance of timely software updates for known software vulnerabilities, not only in systems directly under a firm’s control, but in third-party systems the firm relies upon as well. The longer a firm, or its vendors, hold out on deploying the most up-to-date software for their systems, the greater the chance an attacker will exploit the issue.
Yahoo News/Reuters: EU member states and the European Parliament have agreed on new rules to force banks and other payment service providers to better protect their customers against online fraud, hidden fees and data leaks, the Parliament said.
SecurityWeek: The threat actors were seen impersonating financial institutions to steal money or information from individuals, businesses, and organizations of different sizes, as over 5,100 complaints received by the agency show.
Forbes: For too long, the cybersecurity industry has relied on hope and hype when it should be focused on demonstrable effectiveness. Massive investments in cybersecurity haven’t translated into confidence for executives, boards or insurers—and CISOs are stuck in the middle.
CSO Online: A seasonal surge in malicious activity combined with alliances between ransomware groups led to a 41% increase in attacks between September and October. Cybercriminal group Qilin continues to be the most active ransomware paddlers, responsible for 170 of 594 attacks (29%) in October, NCC Group reports.
SecurityWeek: Founded in 2023 by veteran cybersecurity experts, Opti has built an AI-native identity and access management (IAM) platform. The company’s solution is powered by a context-aware engine that continuously monitors access and risks across identities and applications, enabling security teams to define, govern, and protect identities.
Investment News: The Securities and Exchange Commission has levied a $325,000 penalty against M Holdings Securities for failing to maintain adequate cybersecurity safeguards across its nationwide network of member firms, marking the latest enforcement action targeting inadequate information security practices in the wealth management industry.
TechCrunch: Several U.S. banking giants and mortgage lenders are reportedly scrambling to assess how much of their customers’ data was stolen during a cyberattack on a New York financial technology company earlier this month.
The Target: Checkout operates checkout.com and is a global payment processing firm that provides a unified payments API, hosted payment portals, mobile SDK, and plugins to use on existing platforms.
The Take: Checkout says the threat actor, known as ShinyHunters, gained access to a third-party legacy system that had not been properly decommissioned, which held merchant data from 2020 and earlier, including internal operational documents and onboarding materials
The Vector: Upon investigation, Checkout determined that this data was obtained by the threat actor gaining unauthorized access to a legacy third-party cloud file storage system, used in 2020 and prior years.
This breach highlights the extreme importance of timely software updates for known software vulnerabilities, not only in systems directly under a firm’s control, but in third-party systems the firm relies upon as well. The longer a firm, or its vendors, hold out on deploying the most up-to-date software for their systems, the greater the chance an attacker will exploit the issue.
Yahoo Finance: The Securities and Exchange Commission said it was dropping a landmark civil fraud case against SolarWinds and Tim Brown, the company’s chief information security officer.
Castle Hall helps investors build comprehensive due diligence programs across hedge fund, private equity and long only portfolios More →
Montreal
1080 Côte du Beaver Hall, Suite 904
Montreal, QC
Canada, H2Z 1S8
+1-450-465-8880
Halifax
168 Hobsons Lake Drive Suite 301
Beechville, NS
Canada, B3S 0G4
Tel: +1 902 429 8880
Manila
10th Floor, Two Ecom Center
Mall of Asia Complex
Harbor Dr, Pasay, 1300 Metro Manila
Philippines
Sydney
Level 15 Grosvenor Place
225 George Street, Sydney NSW 2000
Australia
Tel: +61 (2) 8823 3370
Abu Dhabi
Floor No. 15 Al Sarab Tower,
Adgm Square,
Al Maryah Island, Abu Dhabi, UAE
Tel: +971 (2) 694 8510
Copyright © 2021 Entreprise Castle Hall Alternatives, Inc. All Rights Reserved.
Terms of Service and Privacy Policy