.png?width=200&height=78&name=CH%20Diligence%20(thicker%20line).png "CH Diligence (thicker line).png")
The Target: Ahold Delhaize, one of the world's largest food retail chains. The multinational retailer and wholesale company operates over 9,400 local stores across Europe, the United States, and Indonesia, employing more than 393,000 people and serving approximately 60 million customers each week in-store and online.
The Take: The company added that the stolen items vary for each affected individual and that the stolen documents contain a combination of personal information such as name, contact information, financial account information, health information and employment-related information.
The Vector: In a filing with Maine's Attorney General, the retail giant revealed that the attackers behind the November breach stole the data of 2,242,521 individuals after gaining access to the company's internal U.S. business systems on November 6, 2024.
This breach is critical reminder that zero-day exploits do happen, and furthermore that patching software in a timely, effective manner is a key component of ensuring customer data is protected. Ensuring third-party vendors are deploying patches and fixes in accordance with a firm’s cybersecurity policy is an important step in an overall robust security posture.
The Target: Slim CD is a provider of payment processing solutions that enables businesses to access electronic and card payments via web-based terminals, mobile, or desktop apps.
The Take: The types of data that may have been accessed by the unauthorized party include: full name, physical address, credit card number and payment card expiration date.
The Vector: The firm first detected suspicious activity on its systems this year on June 15. During the investigation, the company discovered that hackers had gained access to its network since August 17, 2023.
This breach highlights the extreme importance of timely software updates for known software vulnerabilities, not only in systems directly under a firm’s control, but in third-party systems the firm relies upon as well. The longer a firm, or its vendors, hold out on deploying the most up-to-date software for their systems, the greater the chance an attacker will exploit the issue.
The Target: Crypto ATM operator Bitcoin Depot
The Take: Bitcoin Depot said in its notice to customers that the breach involved their name, phone number, driver’s license number and could have also included addresses, birth dates and emails.
The Vector: On July 18, 2024, the cybersecurity firm finished its investigation and “confirmed that an unauthorized party accessed files containing personal information of certain customers,” according to a spokesperson and the customer notice.
This breach is a stark reminder of how strong authentication controls are in an overall robust cybersecurity posture, and that good password hygiene plays a pivotal role in protection.
The Target: McLaren is a nonprofit health system in the U.S. with $6.6 billion in annual revenue, operating a network that spans 14 Michigan hospitals (2,624 beds).
The Take: The McLaren data breach notification sample submitted to U.S. authorities confirms that full names were exposed, redacting other data types that were exposed. Therefore, the full extent of the data breach remains unclear.
The Vector: In the notice sent to impacted individuals, McLaren Health Care admits that the incident concerned a ransomware attack, though the INC ransomware gang, believed to be responsible for the attack, is still not mentioned.
This breach highlights the extreme importance of timely software updates for known software vulnerabilities, not only in systems directly under a firm’s control, but in third-party systems the firm relies upon as well. The longer a firm, or its vendors, hold out on deploying the most up-to-date software for their systems, the greater the chance an attacker will exploit the issue.
The Target: Scania is a major Swedish manufacturer of heavy trucks, buses, and industrial and marine engines and is a member of the Volkswagen Group.
The Take: Documents related to insurance claims were downloaded. Insurance claim documents are likely to contain personal and possibly sensitive financial or medical data, so the incident could have a significant impact on those affected. At this time, the number of exposed individuals remains undefined.
The Vector: On the 28th and 29th of May, a perpetrator used credentials for a legitimate external user to gain access to a system used for insurance purposes; the current assumption is that the credentials used by the perpetrator were leaked by a password stealer malware.
This breach is a stark reminder of how strong authentication controls are in an overall robust cybersecurity posture, and that good password hygiene plays a pivotal role in protection.
The Target: Sensata is a global industrial tech firm specializing in mission‑critical sensors, controls, and electrical protection systems. It serves the automotive, aerospace, and defense industries, among others, and has an annual revenue of over $4 billion.
The Take: The company is now notifying an undisclosed number of impacted individuals that the following data was stolen: Full name, address, Social Security Number (SSN), driver's license number, state ID card number, passport number, financial account information, payment card information, medical information, health insurance information, date of birth.
The Vector: Subsequent investigations into the incident supported by an external expert showed that the ransomware actors breached Sensata's network on March 28, 2025.
This breach highlights the extreme importance of timely software updates for known software vulnerabilities, not only in systems directly under a firm’s control, but in third-party systems the firm relies upon as well. The longer a firm, or its vendors, hold out on deploying the most up-to-date software for their systems, the greater the chance an attacker will exploit the issue.
The Target: As one of the largest newspaper groups in the United States, Lee Enterprises publishes 77 daily newspapers and 350 weekly and specialty publications across 26 states.
The Take: The information that could have been subject to unauthorized access and/or acquisition includes first and last name, as well as Social Security number.
The Vector: The investigation determined that information may have been accessed or acquired without authorization on February 3, 2025.
This breach is a stark reminder of how strong authentication controls are in an overall robust cybersecurity posture, and that good password hygiene plays a pivotal role in protection.
The Target: Camden, New Jersey-based Cooper Health System
The Take: The potentially affected information included individuals’ names, dates of birth, Social Security numbers, health insurance information, treatment information, medical record numbers and medical history information.
The Vector: During the investigation, Cooper discovered that certain data stored in its systems was potentially acquired without authorization.
This breach is a stark reminder of how strong authentication controls are in an overall robust cybersecurity posture, and that good password hygiene plays a pivotal role in protection.
The Target: The Legal Aid Agency, which is part of the UK’s Ministry of Justice, provides criminal and civil legal aid and advice to people in England and Wales.
The Take: The compromised data includes applicants’ contact details and addresses, dates of birth, national ID numbers, criminal history, and employment status, as well as financial information such as contribution amounts, payments, and debts.
The Vector: An investigation conducted with the aid of the National Crime Agency and National Cyber Security Centre revealed on May 16 that the intrusion was “more extensive than originally understood and that the group behind it had accessed a large amount of information relating to legal aid applicants”.
This breach highlights the extreme importance of timely software updates for known software vulnerabilities, not only in systems directly under a firm’s control, but in third-party systems the firm relies upon as well. The longer a firm, or its vendors, hold out on deploying the most up-to-date software for their systems, the greater the chance an attacker will exploit the issue.
The Target: Crypto giant Coinbase
The Take: The company said the hacker stole customer names, postal and email addresses, phone numbers, and the last four-digits of users’ Social Security numbers. The hacker also took masked bank account numbers and some banking identifiers, as well as customers’ government-issued identity documents, such as driver’s licenses and passports.
The Vector: Coinbase said the hacker “obtained this information by paying multiple contractors or employees working in support roles outside the United States to collect information from internal Coinbase systems to which they had access in order to perform their job responsibilities.”
This breach is a stark reminder of how strong authentication controls are in an overall robust cybersecurity posture, and that good password hygiene plays a pivotal role in protection.
Castle Hall helps investors build comprehensive due diligence programs across hedge fund, private equity and long only portfolios More →
Montreal
1080 Côte du Beaver Hall, Suite 904
Montreal, QC
Canada, H2Z 1S8
+1-450-465-8880
Halifax
168 Hobsons Lake Drive Suite 301
Beechville, NS
Canada, B3S 0G4
Tel: +1 902 429 8880
Manila
10th Floor, Two Ecom Center
Mall of Asia Complex
Harbor Dr, Pasay, 1300 Metro Manila
Philippines
Sydney
Level 15 Grosvenor Place
225 George Street, Sydney NSW 2000
Australia
Tel: +61 (2) 8823 3370
Abu Dhabi
Floor No. 15 Al Sarab Tower,
Adgm Square,
Al Maryah Island, Abu Dhabi, UAE
Tel: +971 (2) 694 8510
Copyright © 2021 Entreprise Castle Hall Alternatives, Inc. All Rights Reserved.
Terms of Service and Privacy Policy