Industry News: ESG5

The Target:​ Workiva, a leading cloud-based SaaS (Software as a Service) provider.

The Take: The threat actors exfiltrated a limited set of business contact information, including names, email addresses, phone numbers, and support ticket content.

The Vector: Workiva notified its customers that attackers who gained access to a third-party customer relationship management (CRM) system stole some of their data.

This breach is a stark reminder of how strong authentication controls are in an overall robust cybersecurity posture, and that good password hygiene plays a pivotal role in protection.

Read more...

The Target:​ TransUnion, one of America’s big three credit bureaus.

The Take: Names, Social Security numbers and dates of birth were among the stolen information, according to the Texas filing.

The Vector: TransUnion said "the incident involved unauthorized access to limited personal information for a very small percentage of U.S. consumers," adding, "we are working with law enforcement and have engaged third party cyber security experts for an independent forensics review."

This breach is a stark reminder of how strong authentication controls are in an overall robust cybersecurity posture, and that good password hygiene plays a pivotal role in protection.

Read more...

The Target:​ Farmers Insurance is a U.S.-based insurer that provides auto, home, life, and business insurance products. It operates through a network of agents and subsidiaries, serving more than 10 million households nationwide.

The Take: The company says that its investigation determined that customers' names, addresses, dates of birth, driver's license numbers, and/or last four digits of Social Security numbers were stolen during the breach.

The Vector: On May 30, 2025, one of Farmers' third-party vendors alerted Farmers to suspicious activity involving an unauthorized actor accessing one of the vendor's databases containing Farmers customer information.

This breach highlights the extreme importance of timely software updates for known software vulnerabilities, not only in systems directly under a firm’s control, but in third-party systems the firm relies upon as well. The longer a firm, or its vendors, hold out on deploying the most up-to-date software for their systems, the greater the chance an attacker will exploit the issue.

Read more...

The Target:​ Workday, the cloud-based software company providing human resources systems

The Take: The threat actor was able to obtain what Workday described as “commonly available business contact information, like names, email addresses, and phone numbers,” which it speculated could be exploited “potentially to further their social engineering scams.”

The Vector: In its statement, the company said it “recently identified that Workday had been targeted and threat actors were able to access some information from our third-party CRM platform,” although it did not identify which platform it uses.

This breach highlights the extreme importance of timely software updates for known software vulnerabilities, not only in systems directly under a firm’s control, but in third-party systems the firm relies upon as well. The longer a firm, or its vendors, hold out on deploying the most up-to-date software for their systems, the greater the chance an attacker will exploit the issue.

Read more...

The Target:​ Connex, one of Connecticut's largest credit unions.

The Take: The non-profit has yet to find evidence that the attackers gained access to the affected members' funds or accounts, but has discovered that they stole a combination of personal and financial data, including names, account numbers, debit card information, Social Security numbers, and government IDs.

The Vector: The investigation revealed that certain files may have been accessed or downloaded without authorization between June 2 and 3, 2025.

This breach is a stark reminder of how strong authentication controls are in an overall robust cybersecurity posture, and that good password hygiene plays a pivotal role in protection.

Read more...

The Target:​ Philadelphia Indemnity Insurance designs, markets, and underwrites commercial property/casualty and professional liability insurance products.

The Take: Philadelphia Indemnity launched an investigation and determined by July 9 that the stolen data included names, driver’s license numbers and dates of birth, according to the breach notice.

The Vector: An unauthorized party accessed customer data during an intrusion discovered between June 9 and June 10, according to the disclosure. The company previously called the incident a network outage, however it said there was no ransomware and no encryption.

This breach is a stark reminder of how strong authentication controls are in an overall robust cybersecurity posture, and that good password hygiene plays a pivotal role in protection.

Read more...

The Target:​ Ahold Delhaize, one of the world's largest food retail chains. The multinational retailer and wholesale company operates over 9,400 local stores across Europe, the United States, and Indonesia, employing more than 393,000 people and serving approximately 60 million customers each week in-store and online.

The Take: The company added that the stolen items vary for each affected individual and that the stolen documents contain a combination of personal information such as name, contact information, financial account information, health information and employment-related information.

The Vector: In a filing with Maine's Attorney General, the retail giant revealed that the attackers behind the November breach stole the data of 2,242,521 individuals after gaining access to the company's internal U.S. business systems on November 6, 2024.

This breach is critical reminder that zero-day exploits do happen, and furthermore that patching software in a timely, effective manner is a key component of ensuring customer data is protected. Ensuring third-party vendors are deploying patches and fixes in accordance with a firm’s cybersecurity policy is an important step in an overall robust security posture.

Read more...

The Target:​ Slim CD is a provider of payment processing solutions that enables businesses to access electronic and card payments via web-based terminals, mobile, or desktop apps.

The Take: The types of data that may have been accessed by the unauthorized party include: full name, physical address, credit card number and payment card expiration date.

The Vector: The firm first detected suspicious activity on its systems this year on June 15. During the investigation, the company discovered that hackers had gained access to its network since August 17, 2023.

This breach highlights the extreme importance of timely software updates for known software vulnerabilities, not only in systems directly under a firm’s control, but in third-party systems the firm relies upon as well. The longer a firm, or its vendors, hold out on deploying the most up-to-date software for their systems, the greater the chance an attacker will exploit the issue.

Read more...

The Target:​ Crypto ATM operator Bitcoin Depot

The Take: Bitcoin Depot said in its notice to customers that the breach involved their name, phone number, driver’s license number and could have also included addresses, birth dates and emails.

The Vector: On July 18, 2024, the cybersecurity firm finished its investigation and “confirmed that an unauthorized party accessed files containing personal information of certain customers,” according to a spokesperson and the customer notice.

This breach is a stark reminder of how strong authentication controls are in an overall robust cybersecurity posture, and that good password hygiene plays a pivotal role in protection.

Read more...

The Target:​ McLaren is a nonprofit health system in the U.S. with $6.6 billion in annual revenue, operating a network that spans 14 Michigan hospitals (2,624 beds).

The Take: The McLaren data breach notification sample submitted to U.S. authorities confirms that full names were exposed, redacting other data types that were exposed. Therefore, the full extent of the data breach remains unclear.

The Vector: In the notice sent to impacted individuals, McLaren Health Care admits that the incident concerned a ransomware attack, though the INC ransomware gang, believed to be responsible for the attack, is still not mentioned.

This breach highlights the extreme importance of timely software updates for known software vulnerabilities, not only in systems directly under a firm’s control, but in third-party systems the firm relies upon as well. The longer a firm, or its vendors, hold out on deploying the most up-to-date software for their systems, the greater the chance an attacker will exploit the issue.

Read more...