
Industry News: ESG5

    Know Your Breach: SK Telecom

    The Target: SK Telecom is the largest mobile network operator in South Korea, holding approximately 48.4% of the mobile phone service market in the country, corresponding to 34 million subscribers.

    The Take: USIM data is information stored on a Universal Subscriber Identity Module (USIM), which typically includes International Mobile Subscriber Identity (IMSI), Mobile Station ISDN Number (MSISDN), authentication keys, network usage data, and SMS or contacts if stored on the SIM. This data could be used for targeted surveillance, tracking, and SIM-swap attacks.

    The Vector: A malware infection allowed threat actors to access sensitive USIM-related information for customers.

    This breach highlights the extreme importance of timely software updates for known software vulnerabilities, not only in systems directly under a firm’s control, but in third-party systems the firm relies upon as well. The longer a firm, or its vendors, hold out on deploying the most up-to-date software for their systems, the greater the chance an attacker will exploit the issue.


    Know Your Breach: Hertz

    The Target: Car rental giant Hertz.

    The Take: The stolen data varies by region, but largely includes Hertz customer names, dates of birth, contact information, driver’s licenses, payment card information, and workers’ compensation claims. Hertz said a smaller number of customers had their Social Security numbers taken in the breach, along with other government-issued identification numbers.

    The Vector: The company attributed the breach to a vendor, software maker Cleo, which last year was at the center of a mass-hacking campaign by a prolific Russia-linked ransomware gang. Hertz is one of dozens of companies that used Cleo’s software at the time of their data thefts. The Clop ransomware gang claimed last year to have exploited a zero-day vulnerability in Cleo’s widely used enterprise file transfer products, which allow companies to share large sets of sensitive data over the internet. By breaching these systems, the hackers stole reams of data from Cleo’s corporate customers.

    This breach is a critical reminder that zero-day exploits do happen, and furthermore that patching software in a timely, effective manner is a key component of ensuring customer data is protected. Ensuring third-party vendors are deploying patches and fixes in accordance with a firm’s cybersecurity policy is an important step in an overall robust security posture.


    Know Your Breach: Sensata Technologies

    The Target: Sensata Technologies is an industrial technology company that develops, manufactures, and sells a wide range of sensors and sensor-rich solutions, as well as electrical protection components and systems.

    The Take: A preliminary investigation with assistance from external cybersecurity experts confirmed that the hackers have exfiltrated data from the company network.

    The Vector: Data theft is a common tactic used by ransomware actors to extort victims, increase pressure to pay a ransom, and create legal and regulatory complexities. Currently, Sensata is still determining what files were stolen in the attack and will notify impacted individuals and regulatory authorities as needed, based on the results of its investigation.

    This breach is a stark reminder of how important strong authentication controls are in an overall robust cybersecurity posture, and that good password hygiene plays a pivotal role in protection.


    Know Your Breach: Oracle

    The Target: American software giant Oracle.

    The Take: The compromised data includes usernames, passkeys, and encrypted passwords, which Oracle staff revealed to some clients.

    The Vector: A hacker infiltrated a computer system, resulting in the theft of old client log-in credentials, according to Bloomberg News, citing two people familiar with the matter.

    This breach is a stark reminder of how important strong authentication controls are in an overall robust cybersecurity posture, and that good password hygiene plays a pivotal role in protection.


    Know Your Breach: StreamElements

    The Target: StreamElements is a popular cloud-based streaming tools platform used primarily by content creators on Twitch and YouTube. It provides a suite for stream overlays, tips/donations, chatbots, activity feeds, merch store integration, stream analytics, loyalty/reward systems, and more.

    The Take: A threat actor using the nickname "victim" claimed to have stolen the data of 210,000 StreamElements customers on March 20, 2025. The threat actor also shared samples of the stolen data, which included full names, addresses, phone numbers, and email addresses.

    The Vector: The same hacker claimed that they breached a StreamElements employee via an information-stealing malware infection, which allowed them to take over an internal account and access the platform's order management system.

    This breach highlights the extreme importance of timely software updates for known software vulnerabilities, not only in systems directly under a firm’s control, but in third-party systems the firm relies upon as well. The longer a firm, or its vendors, hold out on deploying the most up-to-date software for their systems, the greater the chance an attacker will exploit the issue.


    Know Your Breach: Western Alliance Bank

    The Target: Western Alliance is a wholly owned subsidiary of Western Alliance Bancorporation, a leading U.S. banking company with over $80 billion in assets.

    The Take: An analysis of the stolen files concluded on February 21, 2025, and found they contained customer personal information, including names and Social Security numbers, as well as their dates of birth, financial account numbers, driver's license numbers, tax identification numbers, and/or passport information if it was provided to Western Alliance.

    The Vector: The bank first revealed in a February SEC filing that the attackers exploited a zero-day vulnerability in the third-party software (disclosed by the vendor on October 27, 2024) to hack a limited number of Western Alliance systems and exfiltrate files stored on the compromised devices.

    This breach is a critical reminder that zero-day exploits do happen, and furthermore that patching software in a timely, effective manner is a key component of ensuring customer data is protected. Ensuring third-party vendors are deploying patches and fixes in accordance with a firm’s cybersecurity policy is an important step in an overall robust security posture.


    Know Your Breach: NTT Com

    The Target: The Japanese information and communication technology provider NTT Communications Corporation (NTT Com).

    The Take: The threat actor, the company says, exfiltrated information on 17,891 customer companies, including contract numbers, customer names, contact names, phone numbers, email addresses, physical addresses, and information on service usage.

    The Vector: The incident, the telecoms firm says, occurred on February 5, when an unnamed threat actor accessed its internal systems, including those hosting information on services provided to customer companies.

    This breach highlights the extreme importance of timely software updates for known software vulnerabilities, not only in systems directly under a firm’s control, but in third-party systems the firm relies upon as well. The longer a firm, or its vendors, hold out on deploying the most up-to-date software for their systems, the greater the chance an attacker will exploit the issue.


    Know Your Breach: DISA Global Solutions

    The Target: DISA Global Solutions, Inc., a third-party employment screening services provider.

    The Take: The personal information accessed could have included people’s names, Social Security numbers, driver’s license numbers, other government ID numbers, financial account information and other data elements.

    The Vector: The company, which provides drug and alcohol testing and background checks, said in a notice on its website that it discovered on April 22, 2024, that it was the victim of a cyber-attack that gave “an unauthorized third party” access to individuals’ personal information from Feb. 9, 2024, to April 22, 2024.

    This breach is a stark reminder of how important strong authentication controls are in an overall robust cybersecurity posture, and that good password hygiene plays a pivotal role in protection.


    Know Your Breach: Orange Group

    The Target: Orange Group, a leading French telecommunications operator and digital service provider.

    The Take: According to the threat actor, who uses the alias Rey and is a member of the HellCat ransomware group, the stolen data is mostly from the Romanian branch of the company and includes 380,000 unique email addresses, source code, invoices, contracts, and customer and employee information.

    The Vector: The threat actor compromised Orange’s systems by exploiting compromised credentials and vulnerabilities in the company’s Jira software for bug/issue tracking and internal portals.

    This breach highlights the extreme importance of timely software updates for known software vulnerabilities, not only in systems directly under a firm’s control, but in third-party systems the firm relies upon as well. The longer a firm, or its vendors, hold out on deploying the most up-to-date software for their systems, the greater the chance an attacker will exploit the issue.


    Know Your Breach: Globe Life

    The Target: Globe Life is an American financial services holding company.

    The Take: The information potentially exposed includes names, email addresses, phone numbers, and postal addresses. In some cases, Social Security numbers, health-related data, and other personal details may also have been involved.

    The Vector: The ongoing review indicated that the breach may have involved information linked to its American Life Insurance Co. subsidiary. In a new SEC filing on Jan. 30, Globe Life reported that customer information compromised in the attack was traced to databases maintained by a limited number of independent agency owners.

    This breach highlights the extreme importance of timely software updates for known software vulnerabilities, not only in systems directly under a firm’s control, but in third-party systems the firm relies upon as well. The longer a firm, or its vendors, hold out on deploying the most up-to-date software for their systems, the greater the chance an attacker will exploit the issue.
