EEP || Cybersecurity Investing Trendjacking (7d) v2

Major Breaches and CISO Lessons

Major Breaches and CISO Lessons

Key Questions

What happened in the Deutsche Bank third-party incident?

Deutsche Bank experienced a breach via the Unsafe ransomware group targeting a third party, exposing employee data. It underscores third-party risk and upcoming DORA compliance implications.

What data was affected in the Partnered Health breach?

The Partnered Health cyberattack exposed sensitive patient information across multiple Australian clinics. Delayed disclosure has raised concerns about incident response timelines.

How did the Qantas breach occur despite strong security?

Qantas was breached through a vishing call to an overseas contact center agent using a fake IT ticket. Regulators ruled that good security does not guarantee immunity from social engineering.

What lessons do these breaches highlight for CISOs?

Third-party risk, delayed disclosures, and social engineering remain critical gaps even with mature controls. Regulators are emphasizing outcomes over documented security efforts.

What regulatory implications follow from the Qantas ruling?

The ruling signals that liability can apply regardless of security investments if breaches occur. Organizations must reassess assumptions around 'good enough' security postures.

Deutsche Bank third-party breach via Unsafe ransomware exposes employee data, highlighting third-party risk and DORA implications. Partnered Health (Australia) breach exposes patient data across clinics, with delayed disclosure. Qantas breach via social engineering to contact center agent; regulator says good security doesn't guarantee immunity.

Sources (3)
Updated Jul 16, 2026