Discord confirms third-party support breach; some users’ ID photos, support messages and limited payment details were accessed

 



Discord, the popular communication platform used by millions worldwide, has confirmed a data breach that compromised the systems of one of its third-party customer support providers. The incident, which occurred on September 20, 2025, allowed an unauthorized individual to gain access to a database containing user information linked to customer support interactions. Discord disclosed the breach in an official statement released on October 3, assuring users that the attack did not target its internal servers or primary infrastructure.

According to the company, the attacker infiltrated a third-party vendor that managed certain customer service functions on behalf of Discord. Once discovered, Discord immediately revoked the vendor’s access, launched an internal review, and appointed an external cybersecurity firm to conduct a forensic investigation. Law enforcement authorities have also been notified, and Discord says that the investigation remains ongoing.


Details of Compromised Information

Discord confirmed that the breach involved data submitted through customer support or Trust & Safety tickets. This included users’ names, email addresses, Discord usernames, IP addresses, and any messages or attachments exchanged with support representatives.

In addition, a limited amount of payment-related data was exposed. This information was restricted to payment type, purchase history, and the last four digits of credit card numbers. Full credit card numbers, security codes, passwords, and account authentication data were not accessed.

In a smaller subset of cases, images of government-issued identification, such as driver’s licenses or passports, were also accessed. These documents were typically submitted by users appealing age-verification decisions or account restrictions. Discord stated that approximately 70,000 accounts may have been affected in this way.


Ongoing Investigation and Conflicting Claims

While Discord has provided official figures, several online reports have circulated with conflicting claims regarding the size and nature of the data stolen. Some threat actors have claimed responsibility for the breach, while others have denied involvement, and certain forums have reported exaggerated data volumes. Discord has cautioned users to approach such claims with skepticism, describing them as part of an extortion attempt aimed at pressuring the company into paying a ransom.

The identity of the compromised vendor has also been discussed in several reports. Discord named the third-party service provider involved in its statement, while other publications have mentioned companies such as Zendesk and 5CA in connection with the breach. However, details about the vendor’s technical infrastructure and the exact attack vector remain under forensic examination.


What Affected Users Should Do

Discord has contacted users whose information was affected, sending official notification emails that include the corresponding support ticket numbers. Those who received this communication are advised to follow the instructions in the email and verify which data may have been accessed.

Users who did not receive a message from Discord are believed to be unaffected. However, all users are urged to stay vigilant by monitoring bank statements for unauthorized activity, avoiding suspicious links or phishing emails, and reporting any unusual behavior through Discord’s official support channels. The company also recommends enabling multi-factor authentication to strengthen account security.

This incident underlines a broader cybersecurity challenge that many organizations face: third-party vulnerabilities. Even when a company’s internal systems are well protected, outsourced vendors handling sensitive user data can become weak points in the security chain.

Cybersecurity experts note that such breaches highlight the need for stricter vendor management, including routine audits, limited data retention policies, and well-defined access controls. Companies must ensure that external partners uphold the same data protection standards expected within their own infrastructure.


Discord’s Response

Discord stated that it remains committed to protecting user privacy and maintaining transparency as the investigation continues. The company is working closely with forensic specialists to identify the extent of the exposure and prevent similar incidents in the future.

The breach serves as a reminder for users to remain cautious online and for organizations to constantly evaluate their digital supply chains. As investigations continue, Discord has emphasized that no action is required from users who have not received a notification, but heightened awareness remains essential for all.



Ransomware Gang Claims Boeing, Samsung Supplier Breach in 11GB Data Theft

 

A ransomware group named J GROUP claims to have breached Dimensional Control Systems (DCS), stealing 11GB of sensitive data, including proprietary software architecture, client metadata, and internal security procedures. 

DCS, a Michigan-based provider of dimensional engineering software, serves major clients such as Boeing, Samsung, Siemens, and Volkswagen across aerospace, automotive, and electronics sectors.

Alleged data exposure

J GROUP published sample files on its leak site to substantiate the attack, comprising a text file and a compressed folder containing documents with employee names and expense reports. Cybernews researchers analyzed the samples but could not verify their authenticity, cautioning that cybercriminals often reuse data from past breaches to falsely support new extortion claims.

Company response and risks

As of the report, DCS has neither confirmed nor denied the breach, maintaining public silence. Local media outlets in Michigan contacted the company for comment but received no response. 

If the breach is confirmed, it could lead to severe consequences, including intellectual property theft, supply chain vulnerabilities, exposure of client data, and regulatory repercussions. The incident may also damage DCS’s reputation, eroding client trust and calling its technical and security reliability into question.

Rising threat 

This incident aligns with a growing trend of ransomware attacks targeting third-party vendors to access high-value industrial clients. Previous attacks on firms like Nissan and Dell highlight similar tactics, where threat actors exploit service providers to infiltrate larger organizations. 

The alleged breach underscores the need for stringent cybersecurity measures across extended supply chains, particularly in manufacturing and engineering sectors reliant on specialized software. 

Organizations are urged to audit vendor security protocols and enhance monitoring for early threat detection. The situation remains ongoing, with no official statement from DCS as of publication.

Payroll Hackers Target U.S. Universities, Microsoft Warns

 



Microsoft researchers have surfaced a new phishing campaign where cybercriminals are stealing university employees’ salaries by redirecting their payroll deposits to accounts under their control. The group behind the attacks has been named “Storm-2657” by Microsoft.

The hackers have been carrying out these attacks since March 2025, targeting staff at multiple U.S. universities and organizations that use third-party HR and payroll platforms, including Workday.

According to Microsoft’s report, at least 11 employee accounts across three universities were compromised and later used to send phishing emails to nearly 6,000 individuals in 25 universities. The scale of the attack suggests a coordinated attempt to infiltrate university payroll systems through deception and stolen credentials.


How the Attack Works

The attackers send phishing emails that appear to come from legitimate university sources or human resources departments. These emails often carry urgent subjects like “COVID-Like Case Reported — Check Your Contact Status” or “Faculty Compliance Notice – Classroom Misconduct Report.”

When recipients click on the embedded links, they are redirected to fake login pages designed to steal their login details and multifactor authentication (MFA) codes. With these details, the hackers gain full access to the victim’s Workday or HR accounts.

Once inside, the criminals create inbox rules that automatically delete emails from Workday, particularly notifications about payroll or bank account changes, ensuring victims remain unaware of any tampering. They also register their own devices for MFA, allowing them to retain access even if the victim later changes their password.

This enables the attackers to quietly change the employee’s bank account information, diverting salary payments into accounts they control.


Broader Pattern of Business Email Compromise

Experts classify this as a variant of Business Email Compromise (BEC), a fraud method where attackers infiltrate or impersonate legitimate business accounts to redirect payments or steal sensitive data.

According to the FBI’s 2024 Internet Crime Report, BEC scams caused over $2 billion in losses last year alone. Victims include corporations, suppliers, and even schools that handle large financial transactions through wire transfers or automated clearing house (ACH) systems.

In one notable 2024 case, cybercriminals stole $60 million from a major carbon products supplier, while a Tennessee school district also lost millions through similar fraudulent transfers.


Microsoft and Workday Respond

Microsoft said it has alerted affected institutions and shared recommendations to contain the threat. The company advised organizations to adopt phishing-resistant MFA options, monitor for suspicious inbox rules, and require extra verification for any changes to payroll details.

A Workday spokesperson also encouraged clients to strengthen their MFA policies and implement additional review steps before processing sensitive updates like salary or banking information.
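
The inbox-rule and MFA-registration behaviour described under "How the Attack Works", which Microsoft advises monitoring for, can be checked in audit data along the following lines. This is an added example, not code from Microsoft, Workday or the original post; the event layout, the `MfaDeviceRegistered` and `PayrollBankChange` operation names, the sample notices and the folder list are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sender/subject pairs standing in for real HR notifications (assumption).
PAYROLL_NOTICES = [
    ("notifications@workday.example", "Your payment elections have been changed"),
    ("payroll@uni.example", "Direct deposit bank account updated"),
]
# Folders users rarely open; moving mail there hides it as well as deleting it (assumed list).
HIDING_FOLDERS = {"deleted items", "junk email", "rss feeds", "conversation history"}
RULE_OPS = {"New-InboxRule", "Set-InboxRule"}
# Hypothetical operation names for events from the identity provider and HR platform.
FOLLOW_UPS = {"MfaDeviceRegistered", "PayrollBankChange"}

# Constructed audit events in a simplified layout (not a real vendor log schema).
EVENTS = [
    {"time": "2025-04-02T09:14:00", "user": "a.lee@uni.example", "op": "New-InboxRule",
     "rule": {"name": "rule1", "from_contains": ["workday"], "delete": True}},
    {"time": "2025-04-02T09:20:00", "user": "a.lee@uni.example", "op": "MfaDeviceRegistered"},
    {"time": "2025-04-02T10:02:00", "user": "a.lee@uni.example", "op": "PayrollBankChange"},
    {"time": "2025-04-03T11:00:00", "user": "b.kim@uni.example", "op": "New-InboxRule",
     "rule": {"name": "Newsletters", "subject_contains": ["newsletter"],
              "move_to": "Newsletters"}},
    {"time": "2025-04-04T08:30:00", "user": "c.roy@uni.example", "op": "New-InboxRule",
     "rule": {"name": "misc", "subject_contains": ["deposit", "bank"],
              "move_to": "RSS Feeds"}},
    {"time": "2025-04-05T15:00:00", "user": "d.ng@uni.example", "op": "MfaDeviceRegistered"},
    {"time": "2025-04-06T15:00:00", "user": "e.wu@uni.example", "op": "New-InboxRule",
     "rule": {"name": "cleanup", "delete": True}},  # no conditions: deletes everything
]


def rule_matches(rule, sender, subject):
    """Assumed semantics: each condition that is set must match; its words are OR-ed."""
    froms = [w.lower() for w in rule.get("from_contains", [])]
    subjects = [w.lower() for w in rule.get("subject_contains", [])]
    if froms and not any(w in sender.lower() for w in froms):
        return False
    if subjects and not any(w in subject.lower() for w in subjects):
        return False
    return True  # a rule with no conditions matches every message


def rule_hides_payroll_mail(rule):
    """True if the rule deletes or buries at least one sample payroll notice."""
    hides = bool(rule.get("delete")) or (rule.get("move_to") or "").lower() in HIDING_FOLDERS
    return hides and any(rule_matches(rule, s, subj) for s, subj in PAYROLL_NOTICES)


def find_payroll_diversion_signals(events, window=timedelta(hours=24)):
    """Flag hiding rules; raise severity when MFA or bank changes occur nearby in time."""
    by_user = {}
    for e in sorted(events, key=lambda e: e["time"]):
        by_user.setdefault(e["user"], []).append(e)
    findings = []
    for user, evs in by_user.items():
        for e in evs:
            if e["op"] not in RULE_OPS or not rule_hides_payroll_mail(e["rule"]):
                continue
            t0 = datetime.fromisoformat(e["time"])
            # Same-account follow-up events within the window, before or after the rule.
            related = sorted({x["op"] for x in evs if x["op"] in FOLLOW_UPS
                              and abs(datetime.fromisoformat(x["time"]) - t0) <= window})
            findings.append({"user": user, "rule": e["rule"]["name"], "related": related,
                             "severity": "high" if related else "review"})
    return findings


if __name__ == "__main__":
    for finding in find_payroll_diversion_signals(EVENTS):
        print(finding)
```

Testing each rule against sample notices, rather than matching keywords in the rule text, also catches catch-all delete rules and rules keyed on short fragments such as "deposit".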


Protecting Employees and Institutions

Cybersecurity experts emphasize the importance of employee awareness and vigilant reporting. Staff should avoid clicking on unsolicited HR emails and instead confirm any urgent requests directly with their university’s payroll or IT department.

With educational institutions increasingly targeted by financially motivated hackers, proactive defenses and real-time verification remain the most effective safeguards against salary diversion scams.



Unauthorized Use of AI Tools by Employees Exposes Sensitive Corporate Data


 

Artificial intelligence has rapidly transformed the modern workplace, creating unprecedented opportunities and complex challenges at the same time. Although AI was initially conceived to improve productivity, it has quickly become a transformational force that has changed the way employees think, work, and communicate.

Despite this rapid rise, many organisations are still ill-prepared to deal with the unchecked use of artificial intelligence. Since the advent of generative AI, which can produce text, images, video, and audio, employees have increasingly adopted it for drafting emails, preparing reports, analysing data, and even creating creative content.

Advanced language models, trained on vast datasets, mimic human language with remarkable fluency and can enable workers to complete tasks that once took hours. According to some surveys, a majority of American employees rely on AI tools, often without formal approval or oversight; many of these tools are freely accessible with little more than an email address.

Platforms such as ChatGPT, which require only an email address to use, are prominent examples of this fast-growing trend. Nonetheless, the widespread use of unregulated AI tools raises many concerns about privacy, data protection, and corporate governance, which employers must address with clear policies, robust safeguards, and a better understanding of the evolving digital landscape.

Cybernews recently reported a concerning surge in unapproved AI use in the workplace. With digital risks on the rise, a staggering 75 per cent of employees who use so-called “shadow artificial intelligence” tools admit to having shared sensitive or confidential information through them, information that could easily compromise their organisations.

More troubling still, the trend is not restricted to junior staff; it is led by the organisation's leadership. Executives and senior managers are the most frequent users, with approximately 93 per cent admitting to using unauthorised AI tools, followed by management at 73 per cent and professionals at 62 per cent.

In other words, the use of unauthorised AI tools is not an isolated issue but a systemic problem. Employee records, customer information, internal documents, financial and legal records, and proprietary code are among the most commonly exposed categories of sensitive information, and each can lead to a serious security breach.

This continues even though nearly nine out of ten workers admit that using AI entails significant risks. Some 64 per cent of respondents recognise that unapproved AI tools could lead to data leaks, and more than half say they would stop using those tools if such a leak occurred. Proactive measures, however, remain rare. The result is a growing disconnect between awareness and action in corporate data governance, one that could have profound consequences if not addressed.

The survey also reveals a paradox within corporate hierarchies: although senior management is often responsible for setting data governance standards, its members are the most frequent violators of those standards. According to a recent study, 93 per cent of executives and senior managers use unapproved AI tools, outpacing all other job levels by a wide margin.

Engagement with unauthorised platforms has also increased significantly among managers and team leaders, who are responsible for ensuring compliance and modelling best practices within the organisation. This pattern, researchers suggest, reflects a worrying disconnect between policy enforcement and actual behaviour, one that erodes accountability from the top down. Žilvinas Girėnas, head of product at Nexos.ai, warns that the implications of such unchecked behaviour extend far beyond simple misuse.

Once sensitive data is pasted into an unapproved AI tool, it is impossible to determine where it will end up. "It might be stored, used to train another model, exposed in logs, or even sold to third parties," he explained. Through such actions, confidential contracts, customer details, or internal records could slip quietly into external systems without detection, he added.

A study conducted by IBM underscores the seriousness of this issue by estimating that shadow artificial intelligence can result in an average data breach cost of up to $670,000, an expense that few companies are able to afford. Even so, the Cybernews study found that almost one out of four employers does not have formal policies in place governing artificial intelligence use in the workplace. 

Experts believe that awareness alone will not be enough to prevent these risks from occurring. As Sabeckis noted, “It would be a shame if the only way to stop employees from using unapproved AI tools was through the hard lesson of a data breach. For many companies, even a single breach can be catastrophic. Girėnas echoed this sentiment, emphasising that shadow AI “thrives in silence” when leadership fails to act decisively.

He warned that, without clear guidelines and sanctioned alternatives, employees will continue to rely on whatever tools seem convenient, turning efficiency shortcuts into potential security breaches. Experts emphasise that, beyond technical safeguards, organisations must adopt comprehensive internal governance strategies to mitigate the growing risks of unregulated AI use.

Establishing a well-structured AI framework involves a number of elements, including a formal AI policy. This policy should clearly state the acceptable uses for AI, prohibit the unauthorised download of free AI tools, and limit the sharing of personal, proprietary, and confidential information through these platforms.

Businesses are also advised to revise and update existing IT, network security, and procurement policies in order to keep up with the rapidly changing AI environment. Additionally, proactive employee engagement continues to be a crucial part of addressing AI-related risks. Training programs can provide workers with the information and skills needed to understand potential risks, identify sensitive information, and follow best practices for safe, responsible use of AI. 

Also essential is a robust data classification strategy that enables employees to recognise and properly handle confidential or sensitive information before interacting with AI systems.

Organisations may also benefit from formal authorisation processes that limit access to AI tools to qualified personnel, along with documentation protocols that record inputs and outputs so that compliance and intellectual property issues can be tracked. Periodic reviews of AI-generated content for bias, accuracy, and appropriateness can further safeguard the brand's reputation.

By continuously monitoring AI tools, including reviewing their evolving terms of service, organisations can also ensure ongoing compliance with their own standards. Finally, it is important to put in place a clearly defined incident response plan with designated points of contact for potential data exposure or misuse, so that organisations can respond more quickly to any AI-related incident.

Combined, these measures represent a significant step forward in the adoption of structured, responsible artificial intelligence that balances innovation and accountability. Although internal governance is the cornerstone of responsible AI usage, external partnerships and vendor relationships are equally important when it comes to protecting organisational data. 

According to experts, organisation leaders need to be vigilant not just about internal compliance, but also about third-party contracts and data processing agreements. Data privacy, retention, and usage provisions should be explicitly included in any agreement with an external AI provider. These provisions are meant to protect confidential information from being exploited or stored in ways that are outside of the intended use of the information.

Business leaders, particularly CEOs and senior executives, must examine vendor agreements carefully to ensure that they are aligned with data protection frameworks such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). By incorporating these safeguards into contract terms, organisations can ensure that sensitive data is handled with the same rigour and integrity that their internal privacy standards require, improving their overall security posture.

As artificial intelligence continues to redefine the limits of workplace efficiency, its responsible integration has become an important factor in enhancing organisational trust and resilience. Getting AI to work effectively in business requires not only innovation but also mature governance frameworks to accompany its use.

Companies that adopt a proactive approach, such as by enforcing clear internal policies, establishing transparency with vendors, and cultivating a culture of accountability, will be able to gain more than simply security. They will also gain credibility with clients and employees, as well as regulators.

In addition to ensuring compliance, responsible AI adoption can improve operational efficiency, increase employee confidence, and strengthen brand loyalty in an increasingly data-conscious market. According to experts, artificial intelligence should not be viewed merely as a risk to be controlled, but as a powerful tool to be harnessed under strong ethical and strategic guidelines. 

In today's business climate, every prompt and every dataset can potentially create a vulnerability, so the organisations that thrive will be those that combine technological ambition with a disciplined governance framework, transforming AI from a source of uncertainty into a tool for innovation that is as sustainable and secure as possible.

Telstra Denies Scattered Spider Data Breach Claims Amid Ransom Threats

 

Telstra, one of Australia’s leading telecommunications companies, has denied claims made by the hacker group Scattered Spider that it suffered a massive data breach compromising nearly 19 million personal records. The company issued a statement clarifying that its internal systems remain secure and that the data in question was scraped from publicly available sources rather than stolen. In a post on X (formerly Twitter), Telstra emphasized that no passwords, banking details, or sensitive identification data such as driver’s licenses or Medicare numbers were included in the dataset. 

The claims originated from a dark web post published on October 3 by a group calling itself Scattered Lapsus$ Hunters, an offshoot of Scattered Spider. The group alleged it had stolen more than 100GB of personally identifiable information, including names and physical addresses, and warned that company executives should negotiate to avoid further data exposure. The attackers claimed the alleged breach took place in July 2023 and threatened to release the data publicly if a ransom was not paid by October 13, 2025. They also asserted possession of over 16 million records contained in a file named telstra.sql, which they said was part of a larger collection of 19 million records. 

In a surprising twist, the ransom note also mentioned Salesforce, the global cloud computing company, demanding negotiations begin with its executives. Salesforce swiftly rejected the demand, issuing a statement on October 8 declaring that it “will not engage, negotiate with, or pay any extortion demand,” aligning with global cybersecurity guidelines that discourage ransom payments. 

Scattered Lapsus$ Hunters has made similar claims about breaches involving several major corporations, including Qantas, IKEA, and Google AdSense. Cybersecurity intelligence platforms like Cyble Vision have documented multiple previous instances of alleged Telstra data breaches, some dating back to 2022. In one notable case, a threat actor called UnicornLover67 claimed to possess a dataset containing over 47,000 Telstra employee records, including email addresses and hashed passwords. Telstra has previously confirmed smaller breaches linked to third-party service providers, most recently in 2022, affecting around 132,000 customers. 

However, cybersecurity analysts remain uncertain whether the current claims represent a fresh breach or a recycling of old data. Experts suggest that previously leaked or publicly available datasets may have been repurposed to appear as new evidence of compromise. This possibility aligns with Telstra’s statement that no recent intrusion has occurred. 

The investigation into the alleged breach remains ongoing as the ransom deadline approaches. While Telstra continues to assert that its systems are uncompromised, the persistence of repeated breach claims underscores the growing challenge of misinformation and data reuse in the cybercrime landscape. The Cyber Express has reached out to Telstra for further updates and will continue to monitor the situation as new details emerge.

Ransomware Attack on Motility Software Solutions Exposes Data of 766,000 Customers

 


Motility Software Solutions, a leading U.S.-based provider of dealer management software (DMS), has confirmed a ransomware attack that compromised the personal data of approximately 766,000 customers.

The company, previously known as Systems 2000 (Sys2K), serves over 7,000 dealerships across the automotive, marine, powersports, heavy-duty, and RV retail industries. Its suite of software tools supports operations such as CRM, sales, accounting, inventory tracking, fleet management, rentals, and mobile dashboard access.

According to a data breach notification filed with the Office of the Maine Attorney General, the cyberattack occurred on August 19, 2025. During the incident, hackers infiltrated Motility’s systems, stole sensitive data, and later encrypted parts of its servers to disrupt operations.

“On or about August 19, 2025, we detected unusual activity within certain computer servers that support our business operations,” the notification to affected users stated. “An investigation determined that an unauthorized actor deployed malware that encrypted a portion of our systems.”

Motility revealed that forensic analysis suggests the attackers may have exfiltrated limited customer data before encryption. The information potentially exposed varies by individual and may include:

  • Full name

  • Physical address

  • Email address

  • Phone number

  • Date of birth

  • Social Security number (SSN)

  • Driver’s license number

Following the incident, the company initiated an internal investigation, enhanced its cybersecurity defenses, and restored affected systems using backups. While it remains unclear whether Motility communicated with the attackers, the company has implemented dark web monitoring to detect any leaks of stolen data online.

Currently, no ransomware group has claimed responsibility for the breach. Motility stated that there is no evidence of data misuse at this time but encouraged customers to remain vigilant and take protective steps such as credit monitoring, fraud alerts, and credit freezes.

As part of its response, Motility is offering one year of free identity monitoring through LifeLock, with enrollment available until December 19, 2025, using a personalized activation code.

Where Your Data Goes After a Breach and How to Protect Yourself

 

Data breaches happen every day—and they’re almost never random. Most result from deliberate, targeted cyberattacks or the exploitation of weak security systems that allow cybercriminals to infiltrate networks and steal valuable data. These breaches can expose email addresses, passwords, credit card details, Social Security numbers, medical records, and even confidential business documents. While it’s alarming to think about, understanding what happens after your data is compromised is key to knowing how to protect yourself.  

Once your information is stolen, it essentially becomes a commodity traded for profit. Hackers rarely use the data themselves. Instead, they sell it—often bundled with millions of other records—to other cybercriminals who use it for identity theft, fraud, or extortion. In underground networks, stolen information has its own economy, with prices fluctuating depending on how recent or valuable the data is. 

The dark web is the primary marketplace for stolen information. Hidden from regular search engines, it provides anonymity for sellers and buyers of credit cards, logins, and personal identifiers. Beyond that, secure messaging platforms such as Telegram and Signal are also used to trade stolen data discreetly, thanks to their encryption and privacy features. Some invite-only forums on the surface web also serve as data exchange hubs, while certain hacktivists or whistleblowers may release stolen data publicly to expose unethical practices. Meanwhile, more sophisticated cybercriminal groups operate privately, sharing or selling data directly to trusted clients or other hacker collectives. 

According to reports from cybersecurity firm PrivacyAffairs, dark web markets offer everything from bank login credentials to passports and crypto wallets. Payment card data—often used in “carding” scams—remains one of the most traded items. Similarly, stolen social media and email accounts are in high demand, as they allow attackers to launch phishing campaigns or impersonate victims. Even personal documents such as birth certificates or national IDs are valuable for identity theft schemes. 

Although erasing your personal data from the internet entirely is nearly impossible, there are ways to limit your exposure. Start by using strong, unique passwords managed through a reputable password manager, and enable multi-factor authentication wherever possible. A virtual private network (VPN) adds another layer of protection by encrypting your internet traffic and preventing data collection by third parties. 

It’s also wise to tighten your social media privacy settings and avoid sharing identifiable details such as your workplace, home address, or relationship status. Be cautious about what information you provide to websites and services—especially when signing up or making purchases. Temporary emails, one-time payment cards, and P.O. boxes can help preserve your anonymity online.  

If you discover that your data was part of a breach, act quickly. Monitor all connected accounts for suspicious activity, reset compromised passwords, and alert your bank or credit card provider if financial details were involved. For highly sensitive leaks, such as stolen ID numbers, consider freezing your credit report to prevent identity fraud. Data monitoring services can also help by tracking the dark web for mentions of your personal information.

In today’s digital world, data is currency—and your information is one of the most valuable assets you own. Staying vigilant, maintaining good cyber hygiene, and using privacy tools are your best defenses against becoming another statistic in the global data breach economy.

Volvo NA Employee Data Exposed in Miljödata Ransomware Attack

 

Volvo North America recently disclosed that sensitive employee information was compromised following a ransomware attack targeting its HR software provider, Miljödata. The breach, attributed to the DataCarry ransomware group, exposed names and social security numbers of Volvo staff after cybercriminals infiltrated Miljödata’s cloud-hosted Adato system in August 2025.

The confirmation of Volvo’s affected data came on September 2, several days after Miljödata detected the intrusion on August 23. Miljödata responded by initiating an investigation, collaborating with cybersecurity experts, and enhancing security measures to prevent future incidents, while Volvo Group continues to closely monitor the evolving situation.

DataCarry claimed responsibility for the attack, posting Miljödata’s stolen files on a dark web site for download. Adato, a specialized HR platform used primarily to manage employee sick leave and rehabilitation, became the focal point of the attack. The fallout extended beyond Volvo, impacting other organizations and municipalities across Sweden, since around 80 percent of Sweden’s 290 municipalities use Miljödata’s software.

Some victims suffered broader data exposure, including phone numbers, addresses, gender, and employment details, depending on how they used Adato. According to the Swedish Herald’s prosecutor Sandra Helgadottir, about 1.5 million individuals were impacted, reflecting the large footprint of Miljödata’s clientele.

Swedish airline SAS, which used Adato until June 2021, confirmed that current and former employees who joined before June 21, 2021, might have had personal and sick leave information exposed. The City of Stockholm was also affected, despite not operating live systems with Miljödata, with data related to workplace incident reporting and employee accounts among the compromised information.

The attack disrupted services in approximately 200 municipalities, and additional victims included several prominent universities such as Chalmers, Karlstad, Lunds, Linköping, Umeå, and the Swedish University of Agricultural Sciences, all of which reported being affected due to Adato usage. Uppsala University avoided the breach by running Adato on-premises.

This incident underscores the substantial downstream risks created by third-party vendor breaches, as malicious actors increasingly target interconnected systems holding large volumes of personal and employment data. Organizations affected are responding with investigations, security upgrades, and disclosures to regulatory authorities, highlighting the critical need to safeguard supply chain platforms and scrutinize cloud-hosted environments for vulnerabilities.

NSSF Sued for Secretly Using Gun Owners’ Data in Political Ads

 

The National Shooting Sports Foundation (NSSF) is facing a class-action lawsuit alleging it secretly built a database with personal information from millions of gun owners and used it for political advertising without consent.

The lawsuit, filed by two gun owners—Daniel Cocanour of Oklahoma and Dale Rimkus of Illinois—claims the NSSF obtained data from warranty cards filled out by customers for firearm rebates or repairs, which included sensitive details like contact information, age, income, vehicle ownership, and reasons for gun ownership. These individuals never consented to their data being shared or used for political purposes, according to the suit.

The NSSF, based in Shelton, Connecticut, began compiling the database in 1999 following the Columbine High School shooting, aiming to protect the firearms industry’s image and legal standing. By May 2001, the database held 3.4 million records, growing to 5.5 million by 2002 under the name “Data Hunter,” with contributions from major manufacturers like Glock, Smith & Wesson, Marlin Firearms, and Savage Arms. The plaintiffs allege “unjust enrichment,” arguing the NSSF profited from using this data without compensating gun owners.

The organization reportedly used the database to target political ads supporting pro-gun candidates, claiming its efforts were a “critical component” in George W. Bush’s narrow 2000 presidential victory. The NSSF continued using the database in elections through 2016, including hiring Cambridge Analytica during President Trump’s campaign to mobilize gun rights supporters in swing states. This partnership is notable given Cambridge Analytica’s later collapse due to a Facebook data scandal involving unauthorized user data.

Despite publicly advocating for gun owners’ privacy—such as supporting the “Protecting Privacy in Purchases Act”—the NSSF allegedly engaged in practices contradicting this stance. The lawsuit seeks damages exceeding $5 million and class-action status for all U.S. residents whose data was collected from 1990 to present. 

The case highlights a breach of trust, as the NSSF reportedly amassed data while warning against similar databases being used for gun confiscation. As of now, the NSSF has not commented publicly but maintains its data practices were legal and ethical.

WestJet Confirms Cyberattack Exposed Passenger Data but Says Financial Details Remain Safe

 

WestJet has revealed that some customer information was accessed during a cyberattack in June, though the airline maintains that the majority of cases did not involve “sensitive” data.

On Monday, the carrier issued a notice to U.S. residents as part of its investigation into the June 13 breach, describing the attack as the work of a “sophisticated, criminal third party.”

The company emphasized that its internal safeguards prevented hackers from obtaining payment details such as credit and debit card numbers, expiration dates, CVV codes, and user passwords. However, certain personal information was exposed. This included passengers’ names, contact information, travel-related documents, reservation details, and data reflecting their relationship with WestJet.

“Containment is complete, and some additional system and data security measures have been implemented,” WestJet stated in its release. “However, analysis is ongoing, and WestJet will continue to take measures to further enhance its cybersecurity protocols.”

The airline confirmed that it is directly notifying affected customers, offering guidance through its website, and has engaged Cyberscout to provide fraud prevention and remediation services.

Authorities, including the U.S. Federal Bureau of Investigation (FBI) and the Canadian Centre for Cyber Security, are working with WestJet on the probe. Notifications have also been sent to U.S. credit reporting agencies (TransUnion, Experian, and Equifax), as well as several state attorneys general, Transport Canada, the Office of the Privacy Commissioner of Canada, and other relevant regulators worldwide.

Harrods Confirms Data Breach Exposing 430,000 Customer Records

 

Luxury retailer Harrods has confirmed a new data breach that exposed the personal details of around 430,000 e-commerce customers after hackers compromised one of its third-party suppliers. 

The company clarified that this incident is separate from the cyberattack it faced in May, which was attributed to the hacker group Scattered Spider. 

In a statement to publications, Harrods said it informed affected customers on Friday that their personal details, including names and contact information, were accessed following a breach at a third-party provider. 

The retailer did not disclose the name of the compromised vendor but said it has taken immediate steps to contain the situation and alert authorities. The company reassured customers that the leaked data does not include passwords, payment details, or purchase histories. 

However, some customer records contained internal tags and marketing labels used by Harrods for service management. These labels may reference customer tier levels or affiliations with Harrods’ co-branded credit cards, though the company said such information would be difficult for unauthorised parties to interpret accurately. 

Cybersecurity experts have linked the breach to a wider supply chain attack that affected multiple companies globally over the summer. The incident, believed to involve the Salesloft platform, saw hackers use stolen OAuth tokens to access Salesforce systems and extract customer data. 

Harrods also confirmed that the threat actor behind the latest breach had reached out to the company directly, apparently in an extortion attempt.

The retailer stated it would not engage in any communication or negotiation with the attacker. Authorities and cybersecurity professionals have been notified, and Harrods said it continues to work closely with them to ensure customer protection and prevent future incidents. 

The company has also advised customers to remain alert to phishing attempts and avoid clicking on links or sharing information with unknown sources. 

Despite the breach, Harrods’ online services remain operational. The company said it remains committed to maintaining the trust of its customers and strengthening its digital security systems to safeguard sensitive information.

Red Hat Confirms Breach of GitLab Instance Linked to Consulting Team

 

Red Hat has acknowledged a cybersecurity incident involving one of its GitLab instances after a hacker group calling itself Crimson Collective claimed to have stolen a significant amount of company data. 

The enterprise software provider clarified that the breach did not affect its GitHub repositories, as initially reported, but rather a GitLab instance used internally by its Consulting division. 

According to the attackers, they obtained around 570 GB of compressed data from roughly 28,000 private repositories, which allegedly contained source code, credentials, configuration files, and customer engagement reports (CERs). 

The group also asserted that the stolen information gave them access to customer systems. Reports indicate that the hackers attempted to extort Red Hat, but the company did not comply. 

Sources told International Cyber Digest that Red Hat had minimal contact with the threat actors and refused to meet their demands. A separate analysis by SOCRadar suggested that data from as many as 800 Red Hat customers could have been exposed. 

The list of potentially affected entities reportedly includes large corporations such as IBM, Siemens, Verizon, and Bosch, as well as several U.S. government bodies, including the Department of Energy, NIST, and the NSA. 

In a blog post addressing the incident, Red Hat explained that the compromised GitLab system was used mainly for collaborative consulting work and contained materials such as sample code, project details, and internal communications. 

The company emphasised that the instance does not usually store personal or highly confidential information and that no evidence of sensitive data exposure has been found so far. 

“At this time, we have no reason to believe the security issue impacts any of our other Red Hat services or products and are highly confident in the integrity of our software supply chain,” Red Hat said in a statement shared with SecurityWeek. 

While Red Hat has not directly addressed claims that customer infrastructure was accessed, cybersecurity experts note that ransomware and extortion groups often exaggerate such assertions to increase pressure on victims. 

The company has confirmed that an internal investigation is ongoing to assess the full extent of the breach and strengthen its systems against future threats.

Healthcare, Banking and Industry in India Struggle Amid Rising Cyber Attacks

 


The Indian economy today stands at a crossroads of a profound digital transformation, in which technology has seamlessly woven its way into the fabric of everyday life, in both cities and remote villages. Smartphones and internet connectivity are transforming the way people live, work and transact around the country.

UPI-powered digital banking, e-commerce, and the widespread shift toward remote work have all contributed to the country's rapid evolution into a digital-first economy. However, behind the impressive progress of the past few years lies a darker reality: cyberattacks that threaten to undermine the very foundations of this transformation. As digital tools become increasingly commonplace in the healthcare, banking, and industrial sectors, those sectors are also facing unprecedented security challenges.

As a consequence, the healthcare industry and its associated industries have emerged as one of the most vulnerable frontlines in the world, with numerous high-profile cases demonstrating how a cyber incident can threaten the safety of patients, disrupt crucial services, and undermine public trust.

Chief information security officers (CISOs) are responsible for safeguarding critical systems and sensitive data while dealing with legacy infrastructure, workforce shortages, and rapidly evolving threats.

Although artificial intelligence can help alleviate operational burdens, it also brings complex security demands, making future resilience a priority for cyber leaders. In a world of rapidly increasing risks, cybersecurity is no longer an optional skill but a necessity, a crucial tool for professionals, organisations, and citizens alike as India advances in its digital revolution.

India's critical sectors are experiencing a surge in cyberattacks, with an average of 4.1 million attacks occurring in the financial services, insurance, banking, and healthcare industries between January and June 2025. Although India remained the primary target, countries such as the United States, France, Singapore and Germany all contributed to this wave of malicious activity.

A wide range of vulnerabilities, ranging from system flaws to employee accounts, were exploited, testing the resilience of digital infrastructure. Insurers, which depend heavily on consumer data, have experienced threefold increases in the number of vulnerabilities exploited, as well as 350 per cent increases in distributed denial-of-service (DDoS) attacks. 

Application Programming Interfaces (APIs), often overlooked yet central to digital ecosystems, have become a major weak point, with targeted attacks soaring by 126 per cent and DDoS attacks rising by 3 per cent. With supply chains and production systems increasingly vulnerable, the manufacturing and industrial sectors have also been hit hard.

Overall breaches increased by 31 per cent, including a staggering increase of 427 per cent in DDoS attacks, highlighting the need to protect these systems. There was also an increase of 46 per cent in employee-focused attacks and 17 per cent in politically motivated disruptions, which resulted in a 1 per cent increase in DDoS activity during peak operations in the financial year.

Even though smaller businesses often have limited resources, they have not been spared—attacks against their websites have gone up by 202 per cent, while cloud-based intrusions have increased seventy-fourfold during this period. There has been a surge in attacks on the healthcare sector, which have risen by 247 per cent, posing a grave threat to patient data and life-critical hospital services. 

Viewed as low-hanging fruit by cybercriminals, retail and e-commerce platforms experienced 42 per cent more DDoS attacks, along with an increase in credential theft and fraudulent card transactions. As a result of this massive increase in attacks, cybercrime has the potential to significantly impact national security as well as economic stability in the near future.

Cybercrime specialist Professor Triveni Singh, who is also a former IPS officer, said that artificial intelligence and advanced detection systems have prevented more than 4.26 billion attempted breaches worldwide.

As India's digital economy accelerates, it requires stronger technologies, skilled professionals, continuous monitoring, and robust policies strengthened by international cooperation.

The healthcare sector has emerged as a complex and vulnerable component of the Indian cyber landscape. Hospitals and medical groups operate in high-stakes environments that are difficult for anyone to manage.

Even a few minutes of system downtime could mean the difference between life and death for a patient. In light of this, ransomware groups have singled out hospitals as prime targets, exploiting the urgency of care to extract money from patients.

The growing number of medical Internet of Things (MIoT) devices, including heart monitors, infusion pumps, and many other internet-connected devices, has widened the attack surface in recent years. Despite the promise of these technologies, their historically weak security makes them appealing to threat actors powered by artificial intelligence, raising the possibility of patient data being stolen or even interfered with directly.

As telehealth has grown in popularity, the risks have increased further, since both patients and providers can be attacked over the internet to harvest sensitive patient information. Despite the country's progress in digitisation, India's healthcare sector continues to struggle with legacy systems, financial constraints, and a shortage of cybersecurity experts, which leaves small and mid-sized institutions particularly vulnerable.

National regulations remain fragmented: frameworks like the Information Technology Act, SPDI Rules, and the Digital Personal Data Protection Act have only limited coverage, and there are still many systemic gaps to fill, according to industry bodies such as the Data Security Council of India and the Healthcare Information and Management Systems Society (HIMSS).

One real-world example came in August last year, when an artificial intelligence-driven ransomware attack crippled a healthcare provider specialising in artificial intelligence, making the urgency of the issue clear. The malware was triggered by a phishing email, and after a few minutes it had encrypted electronic patient records, billing systems, and admissions, forcing surgeries to be delayed and critical procedures rerouted.

Although the organisation did not pay the ransom and instead cooperated with law enforcement, the fallout from the incident was severe: patient trust was shattered, data was compromised, and the incident highlighted how extremely fragile India's healthcare cybersecurity posture is.

It is becoming increasingly apparent that cyber threats are evolving at an alarming rate, posing an increasing threat to individuals as well as organisations. In the era where millions of devices are connected to the internet, attackers have access to a larger pool of entry points, so they can exploit weaknesses across both personal and corporate networks more easily. 

A report from Seqrite, which tracked over eight million endpoints, revealed that millions of malware infections were detected in just a matter of seconds, demonstrating how large the problem is. It has become increasingly common for cybercriminals to take advantage of the surge in digital services, whether it is small businesses' adoption of online platforms or individuals sharing their personal information on social media. 

For instance, a newly established organisation without adequate security can become a target for ransomware or phishing attacks, while an individual who shares too much information online may unwittingly become vulnerable to identity theft. It has been warned that as technology adoption grows, so will the sophistication of threats, requiring stronger security strategies across every sector.

India's digital expansion has made it undeniably one of the world’s largest markets, but it is also accompanied by many vulnerabilities, making awareness and resilience crucial. India is speeding ahead on its digital journey, but it must maintain a balance between innovation and resilience to achieve long-term growth.

No sector is immune to the impact of cyberattacks, as evidenced by the increasingly widespread attacks on healthcare, banking, and small businesses, all of which are rising at an alarming rate.

The price of inaction will only increase over time. Technology is only one factor in cybersecurity: creating a culture of cyber awareness, strengthening digital hygiene, and hiring skilled talent will prove just as important as deploying advanced firewalls and artificial intelligence services.

Policymakers, regulators, and industry leaders must work in tandem to develop a comprehensive framework that enforces data protection and incentivises proactive security measures, particularly for organisations with limited resources. International collaboration is also vital: cybercrime transcends national boundaries, and combating it requires collective intelligence.

Individuals are advised to protect their personal information, exercise caution online, and update their digital practices in order to combat the threat at the grassroots level. As long as it builds security into the very foundations of its digital revolution, India will not only protect its critical infrastructure but also inspire global confidence that it can lead a secure, technology-driven future.

Co-op Faces Heavy Financial Losses Following April Cyberattack

 



The Co-operative Group in the United Kingdom has revealed the extent of the damage caused by the cyberattack it suffered earlier this year. In its interim financial report for the first half of 2025, the company announced an £80 million (about $107 million) drop in operating profit, attributing the decline directly to the April breach.

According to the report, the losses can be broken down into two areas: around £20 million spent on immediate recovery efforts and another £60 million lost in sales while core systems were out of service. The disruption also drove down overall revenue by £206 million ($277 million). Co-op expects recovery-related expenses to continue, with an additional £20 million likely to be recorded in the second half of 2025.


The Attack and Data Theft

In late April, Co-op had to take parts of its IT network offline after detecting suspicious activity. The incident was later confirmed to be the work of affiliates linked to Scattered Spider, operating in connection with the DragonForce ransomware group. Although the attack was stopped before files could be encrypted, the intruders managed to steal personal details of all 6.5 million members, including both current and past customers.

The U.K.’s National Crime Agency arrested four individuals between the ages of 17 and 20 in July in connection with the breach. The same suspects are also believed to have played a role in cyberattacks against other well-known retailers, including Marks & Spencer and Harrods, during the same period.


Operational Disruptions

The breach created major technical problems that forced Co-op to rebuild its Windows domain controllers, which are critical servers that manage access across its network. With automated systems unavailable, the group had to fall back on manual operations. Staff rerouted more than 350,000 product items to franchise partners and independent co-ops to help minimize the disruption. Discount vouchers were also offered to members during the outage.

Despite these efforts, the group experienced ongoing challenges, including shortages in certain product categories and steep drops in sales of items such as tobacco. The company explained that while the quick response reduced some of the damage, the weeks of system downtime and the loss of customer information took a substantial toll.


Financial Position 

Co-op emphasised that despite the losses, its overall financial position remains stable. The group has £800 million in available liquidity, which it says will allow it to continue operating without funding concerns while addressing long-term recovery. Executives stressed that the business remains focused on its broader goals even as it manages the fallout from the attack.

The April incident highlights how cyberattacks can have wide-ranging consequences beyond stolen data, disrupting daily operations, reducing consumer trust, and inflicting heavy financial costs. For Co-op, the road to recovery will continue into the second half of 2025.



Warlock Ransomware Emerges as Major Cyber Threat, Security Experts Warn

 

Cybersecurity researchers are sounding the alarm over a fast-growing ransomware operation called Warlock. According to a detailed report by Sophos, this group—also tracked as Gold Salem by Sophos and Storm-2603 by Microsoft—has quickly gained notoriety in the cybercrime world.

Sophos warns that Warlock “could be the most worrying new strain” in recent years. Since first being detected in March 2025, the group has breached more than 60 organizations. What makes the campaign particularly concerning is not just the number of victims but also the group’s sophistication. In just months, Warlock has successfully exploited SharePoint vulnerabilities using a custom ToolShell chain, leveraged legitimate tools like Velociraptor for covert tunneling, deployed Mimikatz for credential theft, and used PsExec/Impacket and GPOs to spread ransomware payloads.

The attackers have also acquired exploits and stolen access credentials from underground forums, despite having no prior public presence.

Attribution, however, remains uncertain. While Microsoft describes Warlock as a “China-based actor,” Sophos believes the evidence is inconclusive. What is clear is that the group has targeted diverse industries and countries worldwide—while deliberately avoiding Russian and Chinese organizations.

One exception stands out: a single Russian company has recently been listed on Warlock’s data leak site. Sophos suggests this points to the group operating outside Russia’s jurisdiction or sphere of influence. Out of more than 60 known victims, the group claims to have sold stolen data from 27 of them (around 45%) to private buyers. Interestingly, only 32% of cases involved public data leaks, which could imply that the remainder either paid ransoms or had their data traded discreetly.

Still, Sophos cautions that Warlock’s claims may be inflated or fabricated. As the report notes, ransomware operators often exaggerate their impact to appear more dangerous and enhance their credibility.

Vendor Data Breaches and Their Business Impact


 

As digital trust becomes the backbone of global commerce, the financial and reputational costs of a data breach are reaching staggering new heights. A recent study, Cost of a Data Breach 2025, shows that the average cost of a single breach has increased by $4.76 million globally, with figures for the US and UK soaring over $9.5 million.

Finance and healthcare, among other highly targeted sectors where a great deal of sensitive information is at risk, incur massive losses that often exceed $10 million in damages. However, the monetary settlements and ransomware payouts that usually dominate headlines only scratch the surface of the crisis.

Behind the numbers lies a web of hidden expenditures—legal counsel, forensic investigations, regulatory compliance, and extensive recovery efforts—that drain corporate resources years after the initial incident. 

The indirect repercussions of a breach are equally corrosive: prolonged downtime that reduces productivity, the cost of fortifying systems against future threats, and the uphill battle to rebuild consumer trust once it has been compromised.

These losses, both visible and invisible, illustrate that a security breach is not merely an isolated incident that causes financial losses but a disruption with a profound impact on the entire organisation.

Today, third-party data breaches are one of the most pressing challenges enterprises face, driven by increasingly interconnected business ecosystems and the growing complexity of global supply chains. Industry research suggests that nearly one-third of all breaches occur as a result of external vendors, a figure that has nearly doubled over the last year.

These incidents have not only become more prevalent; they are also the most costly. According to IBM's latest Cost of a Data Breach Report, third parties are the most reliable predictors of increased breach costs, adding on average 5 per cent more to the already staggering financial burden. There are several reasons behind this rise.

Large companies have invested heavily in advanced cybersecurity frameworks over the past decade, which makes direct compromise more difficult for attackers. Because of this, cybercriminals are increasingly turning to smaller subcontractors, suppliers, and service providers whose defences are often weaker.

By infiltrating these weaker links, such as small IT vendors, logistics providers, and even HVAC contractors, threat actors are able to gain access to larger organizations' systems through trusted connections. For industries that rely heavily on extremely intricate vendor networks, indirect infiltration has proven particularly devastating.

Although small businesses are prime targets for hackers, with 43 per cent of attacks being directed at them, they continue to face significant challenges in adopting comprehensive security practices.

The consequences of such breaches extend well beyond direct financial losses. They often result in costly regulatory penalties, litigation, and long-term reputational damage that can undermine trust across entire supply chains.

Over the past few years, it has been observed with stark clarity that even the most established businesses remain vulnerable to vendor failures and cyberattacks, including those caused by vendor failures. One of the four data centres operated by the French cloud service provider OVHcloud was destroyed by fire in 2021. The disruption unfolded in a major way. 

A temporary outage of millions of websites, including bank websites, government websites, and major e-commerce platforms across Europe, resulted in a temporary suspension of service. While backups were present, the event revealed critical shortcomings in disaster recovery planning, which led to the loss of millions of dollars of business and data exposure. 

Similar vulnerabilities have been exposed in other high-profile cases as well. There were several breaches in recent months, including Orange Belgium compromising the personal information of 850,000 customers, Allianz Life exposing the data of more than one million policyholders, and Qantas exposing the personal information of more than six million customers, which affected more than six million customers in total. 

Ransomware attacks, targeting the technology providers of the National Health Service, Advanced Computer Systems, disrupted essential hospital services, including blood testing, in the United Kingdom and are associated with at least one patient's tragic death. As a result of this breach, the company was fined £3 million, a penalty which underscored its responsibility but did not come until irreversible harm had been done to the company. 

There is a recurring pattern in these cases: the weaknesses are generally caused not by a lack of investment on the part of the primary organisation but by vulnerabilities in its vendors' infrastructure. Weak backup systems, inadequate disaster recovery frameworks, and reliance on manual responses can exacerbate the consequences of any breach or outage.

However, even when basic safeguards are in place, such as data integrity checks, a lack of rigour in implementation leaves critical systems vulnerable. This is the result of NVIDIA's cascading effect—where failures on the virtualisation platform cause widespread operational disruptions, financial losses, regulatory penalties, and, in the case of most NVIDIAs, the loss of lives.

To mitigate third-party risks effectively, companies need to go beyond superficial oversight and take a structured, proactive approach throughout the entire vendor lifecycle. The experts at the Institute for Information Technology and Innovation emphasise that organisations must begin by integrating security considerations into their vendor selection and sourcing processes.

Companies that handle sensitive data or operate in highly regulated industries are advised to prioritise partners who demonstrate security maturity, have a proven record of compliance with frameworks such as HIPAA, GDPR, or CMMC, and have no history of repeated breaches. Vendor risk intelligence platforms or third-party monitoring tools can give deeper insight into potential partners before potential vulnerabilities become systemic threats.

The contract should be clear about how sensitive data will be stored, accessed, and transferred, including relationships with third parties and even fourth parties. Once the contract is signed, the expectations must be clearly stated. Unless these issues are addressed, organisations run the risk of losing control of confidential information as it travels across vast digital ecosystems. 

Continuous monitoring is equally critical. Vendors that have access to proprietary information or proprietary systems should be examined regularly, not only for malicious intent, but also for inadvertent lapses that could allow malware or unauthorised entry.

By monitoring external channels, including the dark web, organisations can get early warnings when credentials have been stolen or data has been compromised. With more and more regulatory frameworks like GDPR, CCPA, and the NY Shield Act coming into effect, compliance obligations have become increasingly demanding, and non-compliance has serious financial and reputational consequences.

It has been argued that in some industries, third-party certifications, such as SOC 2, NIST CSF, or the Department of Defence Cybersecurity Maturity Model Certification, can strengthen accountability by ensuring that vendors independently verify their security postures. Vendor offboarding, often overlooked, is a challenge that organisations need to address alongside onboarding and oversight.

A failure to properly revoke departmental access once a contract is completed can result in lingering vulnerabilities that could be exploited even years after the partnership has ended. As a result, regular audits of the offboarding process are necessary for the protection of assets and compliance with government regulations. Finally, it is becoming increasingly important to have a clear view of the extended supply chain. 

A number of high-profile attacks on software companies, such as SolarWinds and Kaseya, have demonstrated the potential for a cascading effect at the fourth-party level, causing widespread damage across industries. Defining vendor networks and demanding greater transparency will allow organisations to minimise blind spots and limit the ripple effects of breaches originating far beyond their immediate control.

As breaches related to vendors continue to rise, organisations have increasingly recognised that cybersecurity is no longer purely an internal responsibility, but one shared by everyone in their supply chain. By taking an integrated approach to vendor risk management, companies will not only be able to mitigate financial and operational damage, but will also strengthen their resilience to evolving cyber threats.

A company that invests in comprehensive risk assessments, maintains continuous monitoring, and enforces rigorous contractual obligations with its vendors has a better chance of detecting vulnerabilities before they escalate. In addition, implementing structured offboarding procedures, requiring third-party certifications, and maintaining visibility into extended vendor networks can also lead to a significant reduction in the risk of both direct and cascading attacks. 

Beyond compliance, these measures foster trust with customers, partners, and stakeholders, reinforcing a brand's credibility in a digitally dominated market. As long as organisations integrate cybersecurity into each step of the vendor lifecycle, from selection and onboarding to monitoring and offboarding, they safeguard sensitive information, ensure continuity and operational efficiency, and maintain the reputation of the organisation.

When a single weak link in the electronic system can compromise millions of records, adopting a future-oriented, proactive strategy can transform cybersecurity from a reactive necessity to a competitive advantage that both offers long-term business value and protects against long-term threats.