.png?width=200&name=CH%20Diligence%20(thicker%20line).png "CH Diligence (thicker line).png")
The Target: Transcredit, a Florida based credit reporting company.
The Take: Exposure of 822, 789 records of Personally Identifiable Information including: first and last names, emails, bank information, notes of payment history, internal User ID’s and passwords, full data schema detailing where and how data stored.
The Vector: An unsecured, non-password protected database was found open and accessible by anyone with an internet connection.
It is critical to employ robust practices of credential management, user authentication and validation around all points of access. An unprotected point of entry on a key piece of equipment like a server can lead to a breach with a cascading effect on data security. Furthermore, the access credentials which were exposed could lead to pivot attacks by breaching other IT systems belonging to the firm.
Finextra: Based on data from eight years of working to assess cyber risk at hundreds of companies across many sectors in dozens of countries, it is clear that the financial sector is one of the best prepared for an attack, reflecting years of improvements and investment. But, although it only lagged behind the industrial, cyber and manufacturing sectors, the financial sector still has a lot of work to do, we found in our soon-to-published research.
Coin Telegraph: The Crypto.com security breach saga gets clarity with an official statement from the Singapore-based crypto exchange following a halt on withdrawals after detecting “suspicious activities” in user accounts.
Bleeping Computer: Bank Indonesia (BI), the central bank of the Republic of Indonesia, has confirmed today that a ransomware attack hit its networks last month. A Bank Indonesia spokesperson also told BleepingComputer the attack took place last month and that the bank's operations are not disrupted after the incident.
IT News: Australia and the United Kingdom have signed a pact to crack down on state-based actors, ransomware groups and other "malign actors" that use cyber attacks to "undermine freedom and democracy".
ZDNet: During 2021, Symphony Technology Group (STG) picked up McAfee Enterprise for $4 billion in March, and followed it up in June with a $1.2 billion purchase of FireEye. With the merger of the two cybersecurity firms completed in October, the companies have been given a new name.
Funds Europe: The cybersecurity megatrend is set to continue in 2022 as demand for cybersecurity solutions remain “relatively constant” after some “major hacks” in 2021, according to Christopher Gannatti, global head of research at WisdomTree.
U.S. News: The FBI and other federal agencies are increasingly looking to counter cyber threats through tools other than criminal indictments, the head of the bureau's cyber division said in an interview with The Associated Press.
The Target: Fertility Center of Illinois
The Take: Exposure of Personally Identifiable Information including: full names, social security numbers, financial information, medical data, and health insurance policy numbers, employee numbers, and passport numbers.
The Vector: The threat actors were able to access a third-party server where FCI’s data was stored, and as the firm did not employ proper authentication tools, the attackers were able to freely view and download the sensitive information.
This breach highlights the critical nature of employing robust practices of credential management, user authentication and validation around all points of access. An unprotected point of entry on a key piece of equipment like a server can lead to a breach with a cascading effect on data security. Furthermore, firms must be aware of where their data is stored, be that on their own sites or a third-party, and take steps to ensure it is secure.
JDSUPRA: Following the SolarWinds and the Colonial Pipeline cyberattacks, the Biden Administration emphasized a shift toward mandatory cybersecurity requirements.
Castle Hall helps investors build comprehensive due diligence programs across hedge fund, private equity and long only portfolios More →
Montreal
1080 Côte du Beaver Hall, Suite 904
Montreal, QC
Canada, H2Z 1S8
+1-450-465-8880
Halifax
84 Chain Lake Drive, Suite 501
Halifax, NS
Canada, B3S 1A2
+1-902-429-8880
London
1 Pancras Square, Kings Cross
Gridiron Building
London, N1C 4AG
United Kingdom
+44 20 3036 0828
Manila
Ground Floor, Three E-com Center
Mall of Asia Complex
Pasay City, Metro Manila
Philippines 1300
Abu Dhabi
24th Floor Al Sila Tower, Suite 2422
Abu Dhabi Global Market Square
Al Maryah Island, Abu Dhabi, UAE
+971 (2) 694 8510
Sydney
Level 36 Governor Phillip Tower
1 Farrer Place Sydney 2000
Australia
+61 (2) 8823 3370
Copyright © 2021 Entreprise Castle Hall Alternatives, Inc. All Rights Reserved.
Terms of Service and Privacy Policy