Skip to main content

Tag: third party risk

51 articles

Blurred office background with a single support document on a desk.

Ernst & Young Exposes Client Data in Third-Party Support System Hack

Ernst & Young suffered a data breach when hackers accessed a third-party support system, downloading sensitive client documents between March 28 and April 12. The breach was detected on April 23, prompting the company to alert affected clients and notify authorities.

Analyst 207
Supermarket checkout area with laptop on counter and shopping cart nearby.

Lidl Data Breach Exposes Customer Info Across Europe

Lidl has warned customers in Belgium and the Netherlands that a data breach exposed their personal info, after unidentified individuals briefly accessed a file containing customer data stored with a third-party IT provider. The breach affected online customers in Germany, Belgium, and the Netherlands, but Lidl stresses that its online shop system itself was not compromised.

Analyst 207
Brightly lit healthcare setting with paper files and computer screens.

AdaptHealth Breach Exposes Patient Data via Social Engineering Tactics

AdaptHealth recently fell victim to a data breach, where hackers used clever social engineering tactics to trick a third-party contractor into giving them access to sensitive patient information stored in the company's cloud environment. This alarming breach put a large volume of patient data at risk, prompting AdaptHealth to disclose the incident to the Securities and Exchange Commission.

Analyst 207
Blurred Teams meeting on laptop screen in office setting with abstract overlays.

Microsoft Bolsters Teams Security with Enhanced Bot Protections

Microsoft is stepping up its Teams security game with enhanced bot protections, allowing admins to block third-party bots from joining meetings without approval. This new policy gives organizations greater control over who can access their meetings, helping to prevent malicious apps and unwanted disruptions.

Analyst 207
Office workstation with laptop and CRM software, overlooking cityscape through large window.

Human Error Exposes Security Breaches Despite AI Advances

Despite advancements in AI, human error continues to expose security breaches, as seen in a recent Salesforce supply-chain compromise where a legacy credential was exploited. A company called Klue, which integrates with Salesforce, was compromised when attackers used OAuth tokens to access customer data.

Analyst 207
Water utility company's outdoor infrastructure with personnel and subtle computer systems.

Iranian Hackers Exploit Credentials in Cal Water Breach

Cal Water swiftly sprang into action when an Iranian-linked group, Handala, claimed to have hacked their system, activating their cybersecurity response plan and launching a thorough investigation. Thankfully, experts from Mandiant found that the breach was limited to third-party accounts, containing no evidence of a larger-scale attack.

Analyst 207
Customer service representative on phone call at retail service desk.

Social Engineering Attacks Target Service Desks

Service desks have become a prime target for cyber attackers, who often find it easier to manipulate staff into divulging sensitive information than to crack the technology itself. In a string of recent incidents, hackers have successfully impersonated employees to gain access to internal systems, as seen in the 2025 UK attacks on major retailers like Marks & Spencer, Co-op, and Harrods.

Analyst 207
Worker's desk with desktop computer, papers, and blurred screen in bright office setting.

LastPass Breach Exposes Customer Data in Supply Chain Hack

LastPass recently discovered a security incident at Klue, a third-party platform they use, which led to an unauthorized actor accessing some customer data through its Salesforce environment. Fortunately, customer vaults and core products remain secure, and swift action has been taken to mitigate the breach.

Analyst 207
Modern office setting with computer servers and symbolic breach objects.

Icarus Hack Exposes Hundreds of Firms in Supply-Chain Breach

On June 11, a massive supply chain breach occurred when hackers exploited a weak link at Klue, a market intelligence provider used by over 250,000 companies worldwide, gaining access to sensitive data across hundreds of firms. The attackers used a compromised legacy credential to obtain OAuth tokens and infiltrate connected customer environments.

Analyst 207
Cloud-based software integration hub with OAuth token authorization prompt on laptop screen.

Klue Breach Exposes Cybersecurity Firms to OAuth Token Abuse

A single compromised credential led to a massive security breach at Klue, allowing an unauthorized actor to exploit OAuth tokens and gain access to sensitive customer data on third-party platforms like Salesforce. This incident highlights the growing threat of OAuth token abuse and the need for robust cybersecurity measures.

Analyst 207
Server room with equipment racks, cables, and blurred monitors.

Klue OAuth Breach Expands as Icarus Hackers Claim Multiple Victims

Klue's CEO Jason Smith revealed that on June 12, unauthorized activity was detected in their integration infrastructure, prompting a thorough investigation with cybersecurity experts to understand the breach and support affected customers. The incident allowed hackers to steal OAuth tokens through a compromised legacy credential, impacting connections to third-party platforms like Salesforce.

Analyst 207
Texas Parks and Wildlife Department office with subtle digital system hint.

Texas Data Breach Exposes 3 Million Driver's Licenses

A massive data breach has hit Texas, exposing the driver's license information of over 3 million hunting and fishing license customers, leaving them vulnerable to identity theft and other cyber threats. The breach occurred through a third-party license system used by the Texas Parks and Wildlife Department.

Analyst 207
Office setting with a laptop on a plain desk, surrounded by neutral decor, under soft daylight.

Nintendo Data Breach Exposes Employee Survey Information

Nintendo of America recently experienced a data breach through a third-party survey service, exposing limited employee survey information, but fortunately, no customer or financial data was compromised. The company is working to resolve the issue and has confirmed that its own systems remain secure.

Analyst 207
Blurred laptop screen on a cluttered office desk with subtle signs of disarray.

Account Takeovers Rise as Complexity Exposes Identity Vulnerabilities

As attackers increasingly target identities rather than infrastructure, account takeovers are on the rise - and with 22% of breaches involving credential abuse, it's clear that traditional username-and-password security just isn't cutting it. The explosion of identities across cloud services, SaaS apps, and remote environments has created a perfect storm of vulnerability.

Analyst 207
Institutional building entrance with subtle tech elements, hinting at digital breach.

Kodak Breach Exposes Sensitive Data After ShinyHunters Hack

Kodak recently suffered a data breach at the hands of hackers known as ShinyHunters, who gained temporary access to sensitive company data. The company has launched a swift investigation with external cybersecurity experts and is working closely with law enforcement to mitigate the impact.

Analyst 207
Person holding letter with puzzled expression in hospital setting.

Breach Notice Error Fuels Patient Skepticism

A simple mistake on breach notices sent by third-party vendor Xsolis sparked skepticism among patients when the letters misnamed Rochester Regional Health as "Rochester Regional Medical Center", leading many to dismiss them as scams. This misstep undermined trust and raised questions about the effectiveness of the breach notification process.

Analyst 207
Laptop screen displays university career website on desk with subtle Oxford University background.

Oxford University Exposes Student Data in Career Website Breach

Oxford University recently suffered a data breach on its career support website, exposing sensitive student information, including full names, email addresses, and encrypted passwords. This incident marks the university's second disclosed data breach of the year, raising concerns about the security of third-party platforms.

Analyst 207
Brightly-lit office setting with server room in background and blurred computer terminal hinting at third-party vendor…

SoFi Hong Kong Breach Exposes Customer Data at Third-Party Vendor

SoFi Hong Kong recently discovered a data breach at a third-party vendor that exposed customer information, with unauthorized access detected on April 30, 2026. The company's investigation is ongoing, but it confirmed the breach originated from a vendor, not its internal systems.

Analyst 207
Hospital corridor with patients and staff, laptop screen in foreground, conveying concern.

NYC Health Breach Exposes 1.8M Patients' Sensitive Data

A massive data breach at NYC Health + Hospitals has exposed the sensitive information of 1.8 million patients, highlighting the alarming vulnerability of personal data in the healthcare system. This incident serves as a stark reminder of the devastating consequences of a breach, especially when it comes to biometric data that can never be truly reset.

Analyst 207
Rows of computer servers and storage equipment in a brightly-lit data center.

Data Breaches Surge, Exposing Sensitive Info at AI Startups, Agencies

Data breaches are surging, with AI startups and agencies exposed, as seen in the alarming theft of 10 petabytes from a Chinese supercomputer and 4 terabytes from AI startup Mercor due to a supply-chain vulnerability. These incidents highlight the hidden risks of connecting data to AI models, creating sensitive blind spots that leave large data sets vulnerable to compromise.

Analyst 207
Person sits at cluttered desk with laptop in dimly lit home office.

Vimeo Breach Exposes 119,000 Email Addresses

A data breach at Vimeo has compromised the email addresses of over 119,000 users, with hackers also accessing some metadata and technical data from a third-party analytics vendor. Fortunately, no video content, login credentials, or payment card information was stolen.

Analyst 207
Brightly-lit data center interior with servers and storage units symbolizing secure user data.

Vimeo Breach Exposes User Data After Anodot Hack

Vimeo users, be aware: a recent data breach at analytics company Anodot exposed some of your personal info, including video titles, metadata, and in some cases, email addresses. Fortunately, uploaded video content, account credentials, and payment card info remain safe.

Analyst 207
Shattered robot head with exposed circuitry amidst broken smartphone fragments in a dimly lit, abandoned server room.

Vercel Breach Exposes Customer Data Theft via AI Tool Compromise

A single compromised AI tool has led to a massive breach at Vercel, exposing customer data and raising serious questions about trust and security. An attacker exploited a third-party AI tool used by an employee to steal sensitive credentials and OAuth tokens, gaining access to multiple services and customer data.

Analyst 207
Shattered robotic arm on modern desk with scattered papers and broken devices amidst cityscape at dusk.

Vercel Breach Traced to Compromised AI Tool

A recent Vercel breach highlights a growing concern: what happens when AI tools, meant to boost efficiency, become the weakest link in our security chain? The breach was traced back to a third-party AI tool used by an employee, blurring the lines between human error and machine vulnerability.

Analyst 207