.png?width=200&height=78&name=CH%20Diligence%20(thicker%20line).png "CH Diligence (thicker line).png")
The Target: Sotheby’s is a leading global auction house for fine art and high-value items, as well as an asset-backed lending services provider.
The Take: According to a filing the organization submitted to Maine’s AG office, the data exposed in the incident includes full names, Social Security numbers (SSNs), and financial account information.
The Vector: “On July 24, 2025, Sotheby’s became aware that certain Sotheby’s data appeared to have been removed from our environment by an unknown actor,” reads the letter sent to impacted individuals.
This breach is a stark reminder of how strong authentication controls are in an overall robust cybersecurity posture, and that good password hygiene plays a pivotal role in protection.
The Target: Video game chat platform Discord.
The Take: The data compromised may have included usernames, email, billing information, the last four digits of credit card numbers, IP addresses and messages with customer support.
The Vector: The company stated that an unauthorised party had compromised one of Discord’s third-party customer service providers, leading to the access of “a limited number of users” who had been in contact with the customer service or trust and safety teams.
This breach highlights the extreme importance of timely software updates for known software vulnerabilities, not only in systems directly under a firm’s control, but in third-party systems the firm relies upon as well. The longer a firm, or its vendors, hold out on deploying the most up-to-date software for their systems, the greater the chance an attacker will exploit the issue.
The Target: Boyd Gaming is a public US casino entertainment company with 28 gaming properties in ten states.
The Take: The threat actors were able to steal data from the company's systems, which includes information about employees and individuals.
The Vector: In a new 8-K form filed with the US Securities and Exchange Commission (SEC), the company said it experienced a cybersecurity “incident” in which unauthorized third parties accessed its IT system.
This breach highlights the extreme importance of timely software updates for known software vulnerabilities, not only in systems directly under a firm’s control, but in third-party systems the firm relies upon as well. The longer a firm, or its vendors, hold out on deploying the most up-to-date software for their systems, the greater the chance an attacker will exploit the issue.
The Target: Bouygues Telecom is one of the largest telecommunication service providers in France, offering mobile, internet, and IPTV services. Bouygues Telecom has 14.5 million mobile subscribers, 9,000 employees, and an annual revenue of €56.8 billion ($66B).
The Take: According to the FAQ, the following customer information was stolen: Contact details; Contract information; Civil status data; Company details (for business customers); International Bank Account Numbers (IBANs).
The Vector: A previous statement says that internal investigations confirmed that the attack was orchestrated by a 'known cybercriminal group' that targeted 'specific internal resources.'
This breach highlights the extreme importance of timely software updates for known software vulnerabilities, not only in systems directly under a firm’s control, but in third-party systems the firm relies upon as well. The longer a firm, or its vendors, hold out on deploying the most up-to-date software for their systems, the greater the chance an attacker will exploit the issue.
The Target: A not-for-profit financial organization, Fairmont Federal Credit Union offers services such as business and home mortgage loans, financial first aid, and personal checking. It operates nine regional branches in West Virginia.
The Take: The hackers stole files containing names, dates of birth, Social Security numbers, driver’s license numbers, government ID numbers, financial information, medical and health insurance information, and other personal data. More alarming is that the stolen information contains full credit card/debit card details, including card numbers, security codes/PIN numbers, and expiration dates. IRS PIN numbers, tax ID numbers, routing numbers, and full access credentials were also compromised in the data breach.
The Vector: The organization discovered the cybersecurity incident on January 23, 2024 and launched a prompt and thorough forensic investigation, concluding on August 17, 2025, that files stolen from its network contained personal information.
This breach highlights the extreme importance of timely software updates for known software vulnerabilities, not only in systems directly under a firm’s control, but in third-party systems the firm relies upon as well. The longer a firm, or its vendors, hold out on deploying the most up-to-date software for their systems, the greater the chance an attacker will exploit the issue.
The Target: Workiva, a leading cloud-based SaaS (Software as a Service) provider.
The Take: The threat actors exfiltrated a limited set of business contact information, including names, email addresses, phone numbers, and support ticket content.
The Vector: Workiva notified its customers that attackers who gained access to a third-party customer relationship management (CRM) system stole some of their data.
This breach is a stark reminder of how strong authentication controls are in an overall robust cybersecurity posture, and that good password hygiene plays a pivotal role in protection.
The Target: TransUnion, one of America’s big three credit bureaus.
The Take: Names, Social Security numbers and dates of birth were among the stolen information, according to the Texas filing.
The Vector: TransUnion said "the incident involved unauthorized access to limited personal information for a very small percentage of U.S. consumers," adding, "we are working with law enforcement and have engaged third party cyber security experts for an independent forensics review."
This breach is a stark reminder of how strong authentication controls are in an overall robust cybersecurity posture, and that good password hygiene plays a pivotal role in protection.
The Target: Farmers Insurance is a U.S.-based insurer that provides auto, home, life, and business insurance products. It operates through a network of agents and subsidiaries, serving more than 10 million households nationwide.
The Take: The company says that its investigation determined that customers' names, addresses, dates of birth, driver's license numbers, and/or last four digits of Social Security numbers were stolen during the breach.
The Vector: On May 30, 2025, one of Farmers' third-party vendors alerted Farmers to suspicious activity involving an unauthorized actor accessing one of the vendor's databases containing Farmers customer information.
This breach highlights the extreme importance of timely software updates for known software vulnerabilities, not only in systems directly under a firm’s control, but in third-party systems the firm relies upon as well. The longer a firm, or its vendors, hold out on deploying the most up-to-date software for their systems, the greater the chance an attacker will exploit the issue.
The Target: Workday, the cloud-based software company providing human resources systems
The Take: The threat actor was able to obtain what Workday described as “commonly available business contact information, like names, email addresses, and phone numbers,” which it speculated could be exploited “potentially to further their social engineering scams.”
The Vector: In its statement, the company said it “recently identified that Workday had been targeted and threat actors were able to access some information from our third-party CRM platform,” although it did not identify which platform it uses.
This breach highlights the extreme importance of timely software updates for known software vulnerabilities, not only in systems directly under a firm’s control, but in third-party systems the firm relies upon as well. The longer a firm, or its vendors, hold out on deploying the most up-to-date software for their systems, the greater the chance an attacker will exploit the issue.
The Target: Connex, one of Connecticut's largest credit unions.
The Take: The non-profit has yet to find evidence that the attackers gained access to the affected members' funds or accounts, but has discovered that they stole a combination of personal and financial data, including names, account numbers, debit card information, Social Security numbers, and government IDs.
The Vector: The investigation revealed that certain files may have been accessed or downloaded without authorization between June 2 and 3, 2025.
This breach is a stark reminder of how strong authentication controls are in an overall robust cybersecurity posture, and that good password hygiene plays a pivotal role in protection.
Castle Hall helps investors build comprehensive due diligence programs across hedge fund, private equity and long only portfolios More →
Montreal
1080 Côte du Beaver Hall, Suite 904
Montreal, QC
Canada, H2Z 1S8
+1-450-465-8880
Halifax
168 Hobsons Lake Drive Suite 301
Beechville, NS
Canada, B3S 0G4
Tel: +1 902 429 8880
Manila
10th Floor, Two Ecom Center
Mall of Asia Complex
Harbor Dr, Pasay, 1300 Metro Manila
Philippines
Sydney
Level 15 Grosvenor Place
225 George Street, Sydney NSW 2000
Australia
Tel: +61 (2) 8823 3370
Abu Dhabi
Floor No. 15 Al Sarab Tower,
Adgm Square,
Al Maryah Island, Abu Dhabi, UAE
Tel: +971 (2) 694 8510
Copyright © 2021 Entreprise Castle Hall Alternatives, Inc. All Rights Reserved.
Terms of Service and Privacy Policy