
    Industry News: ESG5

      Know Your Breach: McLaren Health Care

      The Target: McLaren is a nonprofit health system in the U.S. with $6.6 billion in annual revenue, operating a network that spans 14 Michigan hospitals (2,624 beds).

      The Take: The McLaren data breach notification sample submitted to U.S. authorities confirms that full names were exposed but redacts the other data types involved, so the full extent of the data breach remains unclear.

      The Vector: In the notice sent to impacted individuals, McLaren Health Care admits that the incident concerned a ransomware attack, though the INC ransomware gang, believed to be responsible for the attack, is still not mentioned.

      This breach highlights the extreme importance of timely software updates for known software vulnerabilities, not only in systems directly under a firm’s control, but in third-party systems the firm relies upon as well. The longer a firm, or its vendors, hold out on deploying the most up-to-date software for their systems, the greater the chance an attacker will exploit the issue.


      Know Your Breach: Scania

      The Target: Scania is a major Swedish manufacturer of heavy trucks, buses, and industrial and marine engines and is a member of the Volkswagen Group.

      The Take: Documents related to insurance claims were downloaded. Insurance claim documents are likely to contain personal and possibly sensitive financial or medical data, so the incident could have a significant impact on those affected. At this time, the number of exposed individuals remains undefined.

      The Vector: On the 28th and 29th of May, a perpetrator used credentials for a legitimate external user to gain access to a system used for insurance purposes; the current assumption is that the credentials used by the perpetrator were leaked by a password stealer malware.

      This breach is a stark reminder of how important strong authentication controls are in an overall robust cybersecurity posture, and that good password hygiene plays a pivotal role in protection.


      Know Your Breach: Sensata

      The Target: Sensata is a global industrial tech firm specializing in mission-critical sensors, controls, and electrical protection systems. It serves the automotive, aerospace, and defense industries, among others, and has an annual revenue of over $4 billion.

      The Take: The company is now notifying an undisclosed number of impacted individuals that the following data was stolen: Full name, address, Social Security Number (SSN), driver's license number, state ID card number, passport number, financial account information, payment card information, medical information, health insurance information, date of birth.

      The Vector: Subsequent investigations into the incident supported by an external expert showed that the ransomware actors breached Sensata's network on March 28, 2025.

      This breach highlights the extreme importance of timely software updates for known software vulnerabilities, not only in systems directly under a firm’s control, but in third-party systems the firm relies upon as well. The longer a firm, or its vendors, hold out on deploying the most up-to-date software for their systems, the greater the chance an attacker will exploit the issue.


      Know Your Breach: Lee Enterprises

      The Target: As one of the largest newspaper groups in the United States, Lee Enterprises publishes 77 daily newspapers and 350 weekly and specialty publications across 26 states.

      The Take: The information that could have been subject to unauthorized access and/or acquisition includes first and last name, as well as Social Security number.

      The Vector: The investigation determined that information may have been accessed or acquired without authorization on February 3, 2025.

      This breach is a stark reminder of how important strong authentication controls are in an overall robust cybersecurity posture, and that good password hygiene plays a pivotal role in protection.


      Know Your Breach: Cooper Health System

      The Target: Camden, New Jersey-based Cooper Health System

      The Take: The potentially affected information included individuals’ names, dates of birth, Social Security numbers, health insurance information, treatment information, medical record numbers and medical history information.

      The Vector: During the investigation, Cooper discovered that certain data stored in its systems was potentially acquired without authorization.

      This breach is a stark reminder of how important strong authentication controls are in an overall robust cybersecurity posture, and that good password hygiene plays a pivotal role in protection.


      Know Your Breach: UK Legal Aid Agency

      The Target: The Legal Aid Agency, which is part of the UK’s Ministry of Justice, provides criminal and civil legal aid and advice to people in England and Wales.

      The Take: The compromised data includes applicants’ contact details and addresses, dates of birth, national ID numbers, criminal history, and employment status, as well as financial information such as contribution amounts, payments, and debts.

      The Vector: An investigation conducted with the aid of the National Crime Agency and National Cyber Security Centre revealed on May 16 that the intrusion was “more extensive than originally understood and that the group behind it had accessed a large amount of information relating to legal aid applicants”.

      This breach highlights the extreme importance of timely software updates for known software vulnerabilities, not only in systems directly under a firm’s control, but in third-party systems the firm relies upon as well. The longer a firm, or its vendors, hold out on deploying the most up-to-date software for their systems, the greater the chance an attacker will exploit the issue.


      Know Your Breach: Coinbase

      The Target: Crypto giant Coinbase

      The Take: The company said the hacker stole customer names, postal and email addresses, phone numbers, and the last four digits of users’ Social Security numbers. The hacker also took masked bank account numbers and some banking identifiers, as well as customers’ government-issued identity documents, such as driver’s licenses and passports.

      The Vector: Coinbase said the hacker “obtained this information by paying multiple contractors or employees working in support roles outside the United States to collect information from internal Coinbase systems to which they had access in order to perform their job responsibilities.”

      This breach is a stark reminder of how important strong authentication controls are in an overall robust cybersecurity posture, and that good password hygiene plays a pivotal role in protection.


      Know Your Breach: Frederick Health

      The Target: Frederick Health Medical Group, a major healthcare provider in Maryland.

      The Take: Depending on the affected individuals, the attackers stole a combination of sensitive personal information, including patient names, addresses, dates of birth, Social Security numbers, and driver's license numbers. They also exfiltrated personal health information, such as medical record numbers, health insurance information, and/or clinical information related to patients' care.

      The Vector: The investigation determined that an unauthorized person gained access to the network and, on January 27, 2025, copied certain files from a file share server.

      This breach is a stark reminder of how important strong authentication controls are in an overall robust cybersecurity posture, and that good password hygiene plays a pivotal role in protection.


      Know Your Breach: Ascension

      The Target: Ascension, one of the largest private healthcare systems in the United States.

      The Take: Depending on the impacted patient, the attackers gained access to a combination of personal information, including name, address, phone number(s), email address, date of birth, race, gender, and Social Security numbers (SSNs).

      The Vector: The timeline of the breach implies the attack was part of a series of Clop ransomware data theft attacks that exploited a zero-day flaw in Cleo secure file transfer software.

      This breach is a critical reminder that zero-day exploits do happen, and furthermore that patching software in a timely, effective manner is a key component of ensuring customer data is protected. Ensuring third-party vendors are deploying patches and fixes in accordance with a firm’s cybersecurity policy is an important step in an overall robust security posture.


      Know Your Breach: SK Telecom

      The Target: SK Telecom is the largest mobile network operator in South Korea, holding approximately 48.4% of the mobile phone service market in the country, corresponding to 34 million subscribers.

      The Take: USIM data is information stored on a Universal Subscriber Identity Module (USIM), which typically includes International Mobile Subscriber Identity (IMSI), Mobile Station ISDN Number (MSISDN), authentication keys, network usage data, and SMS or contacts if stored on the SIM. This data could be used for targeted surveillance, tracking, and SIM-swap attacks.

      The Vector: A malware infection allowed threat actors to access sensitive USIM-related information for customers.

      This breach highlights the extreme importance of timely software updates for known software vulnerabilities, not only in systems directly under a firm’s control, but in third-party systems the firm relies upon as well. The longer a firm, or its vendors, hold out on deploying the most up-to-date software for their systems, the greater the chance an attacker will exploit the issue.


      About Castle Hall Diligence

      Castle Hall helps investors build comprehensive due diligence programs across hedge fund, private equity and long only portfolios.