March 2026

Most notable supply-chain attacks of 2025 | Kaspersky official blog – BackBox.org News

"text": "# Supply Chain Compromise as Governance Failure: Why 2025's Attack Patterns Expose Contractual and Regulatory Blind Spots\n\n## Framing: The...

Stryker Cyber Attack: What Healthcare and Other Organizations Need to Know

The Stryker cyber attack—a March 2026 compromise of the Michigan-based medical device manufacturer by Iranian-linked threat actors—exposes a structural...

Medical Supplier Hit by Cyberattack | Manufacturing News Desk | advancedmanufacturing.org

The cyberattack on Stryker Corporation, claimed by Iran-backed threat actors, is not a isolated security incident—it is a structural governance failure that...

HHS Office for Civil Rights Breach Portal

The HHS Office for Civil Rights Breach Portal is not merely a reporting mechanism—it is a regulatory enforcement architecture that transforms vendor breaches...

Seedworm: Iranian APT on Networks of U.S. Bank, Airport, Software Company | SECURITY.COM

The compromise of a U.S. bank, airport operator, and defense-sector software supplier by Iranian APT group Seedworm represents a structural governance failure...

NYC Health Notifying Patients of 2 Third-Party Hacks

New York City Health + Hospitals' notification of two separate third-party breaches—one affecting 90,000 patients through a care management partner, another...

Guidance for detecting, investigating, and defending against the Trivy supply chain compromise

The compromise of widely-adopted third-party tools—exemplified by the Trivy supply chain incident—exposes a structural governance failure that extends far...

Corewell Health Data Disaster: 19,000 Michigan Patients Snared In Vendor Hack

When a Colorado vendor's 2024 security failure exposed personal information for 19,000 Corewell Health patients in Michigan, the healthcare organization became...

[NIGHTSPIRE] - Ransomware Victim: JT-ATFP, LLC - RedPacket Security

The reported compromise of JT-ATFP, LLC by NIGHTSPIRE ransomware—involving exfiltration of classified contracts, employee records, and Department of Defense...

Biggest U.S. data breach ever? Massive payouts could follow

"text": "# Third-Party Breach Notification Failures and Systemic Liability Cascades: The Conduent Healthcare Data Breach as Governance Inflection Point\n\n##...

SecurityScorecard Third-Party Breach Report 2025

"text": "# Third-Party Breach Risk Is Now the Primary Attack Vector—Not a Secondary Concern\n\n## Why This Structural Shift Matters for Governance, Liability,...

The Vendor Problem - by Andy Lombardo - EdTech IRL

Third-party vendor breaches represent a structural governance blind spot that extends far beyond individual institutions.

Worcester’s emergency notification system back online after breach - masslive.com

Worcester's emergency notification system breach—originating from third-party provider OnSolve CodeRED in November 2025—is not a technology incident.

FBI Seizes Iran-Linked Hacktivist Sites After Cyberattack on Stryker

The FBI's seizure of Iran-linked hacktivist infrastructure following the Stryker Corporation cyberattack exposes a critical governance vulnerability that...

[AKIRA] - Ransomware Victim: Dixon Electrical Systems & Contracting - RedPacket Security

The reported AKIRA ransomware incident targeting Dixon Electrical Systems & Contracting—a full-service electrical contractor serving industrial and...

Surging third-party risk is transforming IT security - Spiceworks

The migration of attack vectors toward vendor ecosystems represents a fundamental shift in how organizations must frame cybersecurity accountability.

Sensitive patient health information leaked in Texas third-party software breach | FOX 4 Dallas-Fort Worth

The Doctor Alliance breach—affecting Amedisys, Angels Care Home Health, and Accent Care—is not primarily a technical failure.

Thousands of Corewell Health patients affected by security breach

The Corewell Health breach—affecting approximately 19,000 patients through a Colorado-based vendor, Pinnacle Holdings LTD—exposes a structural governance...

[PAYLOAD] - Ransomware Victim: A A Al Moosa Enterprises (ARENCO Group) - RedPacket Security

Ransomware incident reporting has become a critical input to vendor risk assessment, regulatory compliance workflows, and insurance underwriting.

Stryker rules out ransomware, confirms threat actor used non-propagating malicious file - Industrial Cyber

"text": "# Vendor Incident Classification as Governance Risk: Why Threat Actor Attribution Shapes Downstream Liability\n\n## Framing: The Structural Weight of...

Thousands of Corewell Health patients affected by 2024 vendor data breach | FOX 2 Detroit

The 2024 breach affecting approximately 19,000 Corewell Health patients through former vendor Pinnacle Holdings represents more than an isolated security...

Cybercrook claims to sell critical info about utilities

The reported breach of Pickett and Associates—a Florida-based engineering firm serving Tampa Electric Company, Duke Energy Florida, and American Electric...

Exclusive research: Cybersecurity issues may worsen in 2026

The Marquis Software Solutions breach—affecting 824,000 customers across 80+ financial institutions—is not a vendor incident.

[PLAY] - Ransomware Victim: TPIS Industrial Services - RedPacket Security

When a ransomware group publicly claims to have compromised an industrial supplier—even without corroborating evidence—downstream customers and regulatory...

The Silent Supply Chain: Why Your Fourth-Party Vendor is Your Biggest Blindspot

The governance failure exposed by extended supply chain breaches is not a technology problem—it is a contractual and oversight architecture problem.

PS26/2: Operational incident and third party reporting | FCA

The Financial Conduct Authority's Policy Statement PS26/2, effective 18 March 2027, fundamentally restructures how UK financial firms must govern, monitor, and...

PS7/26 – Operational resilience: Operational incident and third-party reporting | Bank of England

The Bank of England's Policy Statement 7/26 (March 2026) transforms third-party risk management from an internal control discipline into a formal regulatory...

Data Breach News | Recent Data Breaches in 2026

Organizations increasingly rely on public breach databases—such as BreachSense's March 2026 catalogue—as a primary source of vendor incident intelligence.

Nearly 7M Email Addresses Exposed in Crunchyroll Third-Party Breach

The compromise of nearly 7 million email addresses through Telus Digital's support infrastructure represents more than a data breach—it exposes a structural...

Bend La-Pine Schools: 'SeeSaw' security breach led to app removal from iPads

Bend-La Pine School District's decision to remove SeeSaw from institutional iPads following a security breach represents more than a routine incident response.

In re PowerSchool Holdings, Inc. and PowerSchool Group, LLC Customer Security Breach Litigation | Ongoing | Labaton Keller Sucharow

The PowerSchool breach litigation—now consolidated in federal court with 60+ million exposed K-12 records—exposes a governance architecture failure that...

From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI - SecurityWeek

The TeamPCP malware campaign—which compromised Docker Hub, VS Code, and PyPI packages including LiteLLM—reveals a structural governance failure that extends...

Conduent Data Breach Grows, Affecting at Least 25 Million People

The Conduent ransomware breach—affecting at least 25 million individuals across multiple U.S. states—is not merely a data security incident.

NIS2 Directive and Third Party Management

The NIS2 Directive's grace period has ended. Across the EU, enforcement is now active.

Zendesk-Linked Contractor Breach Exposes Data of 37.8 Million ManoMano Customers

The ManoMano breach—affecting 37.8 million customer records through compromised Zendesk subcontractor credentials—exposes a critical governance blind spot that...

2026 Supply Chain & Third-Party Risk Reality Report

"text": "# Third-Party Breach Dominance Is Now Structural—And Your TPRM Program Likely Cannot Respond\n\n## Why Vendor Risk Frameworks Built on Annual...

Palm Bay Portal Down: BridgePay Ransomware Attack

Palm Bay's second significant breach through a third-party payment processor in seven years is not an incident—it is evidence of governance failure.

Medical Device Supply Chain Crisis: How a Major Cyberattack Disrupted Patient Care Across Boston Hospitals – J-C-A

When a cyberattack on a medical device manufacturer forces operating room cancellations across an entire metropolitan healthcare system, the failure is not...

Supply chain breaches fuel cybercrime cycle, report says

Supply chain attacks have transitioned from opportunistic exploitation to systematized threat infrastructure.

Marquis: Ransomware gang stole data of 672K people in cyberattack

"text": "# Vendor Compromise at Scale: When a Single Fintech Breach Disrupts 74 Banks and Exposes 672,000 Individuals\n\n## Why This Matters for Board,...

California-based semiconductor testing company reports ransomware attack to SEC | The Record from Recorded Future News

When a vendor files a breach disclosure with the SEC, downstream customers often assume they will be notified through formal channels.

Hackerone Slams Supplier For Delayed Breach Notice After Staff Data Exposed - RedPacket Security

The breach at Navia Benefit Solutions affecting nearly 300 HackerOne employees illustrates a critical structural failure in third-party breach notification...

HackerOne slams supplier over delayed breach notice • The Register

When a security vendor fails to notify a client of a breach affecting hundreds of employees, the incident reveals a structural governance vulnerability that...

[AKIRA] - Ransomware Victim: Autitransa - RedPacket Security

When a third-party logistics provider suffers ransomware-driven data exfiltration, the governance failure is not confined to the victim organization.

Pickett USA breach allegedly exposes sensitive engineering data linked to US utilities

The alleged breach of Pickett USA—a Tampa-based engineering firm serving Duke Energy Florida, Tampa Electric Company, and American Electric Power—represents a...

Stryker Corporation says cyberattack is now contained | WKZO | Everything Kalamazoo | 590 AM · 106.9 FM

When a critical healthcare equipment manufacturer experiences nation-state cyberattack, the vendor's containment narrative often obscures structural governance...

GOSTA: An Open Governance Specification for Autonomous AI Agents

GOSTA is an open-source specification for governing autonomous AI agents — defining decision authority, autonomy boundaries, kill conditions, and audit trails across a five-layer hierarchy. MIT licensed.

Cybersecurity: The Vendor Risk Reckoning - HIT Leaders and News %

"text": "# Administrative Infrastructure as Critical Risk: The Governance Failure Behind the TriZetto Breach\n\n## Why Healthcare's Vendor Classification Error...

Regulators publish new rules on operational incident and third party reporting | FIN.

The FCA and PRA's new operational incident and third-party reporting rules, effective March 2027, represent a material recalibration of how financial...

When a Cyberattack Hits a National Champion: The £1.5 Billion Bailout That Exposed Britain's Missing Playbook

When a critical supplier's cybersecurity failure triggers a £1.5 billion government bailout, the governance failure extends far beyond the breached...

CommonSpirit Health Patients Affected by Vendor Data Breach

The CommonSpirit Health breach—triggered through a nested vendor chain (Pinnacle → NorthGauge → CommonSpirit)—exposes a structural governance failure that...

Vendor Risk Lessons from the Marquis Data Breach | SBS

"text": "# Vendor Compromise at Scale: The Marquis Breach Exposes Governance Gaps Across 74+ Financial Institutions\n\n## Why This Matters for Board and...

Marquis Data Breach Affects 672,000 Individuals - SecurityWeek

The Marquis data breach—affecting 672,000 individuals across credit unions and banks—is not a typical vendor incident.

Top 10 Ransomware Attacks Over The Past Year

When a single vendor—Salesforce, Oracle, Ingram Micro, PowerSchool, or Synnovis—experiences ransomware compromise, liability does not stop at the breached...

Deaconess patients' sensitive data stolen in vendor breach - DataBreaches.Net

The Deaconess Health System breach—in which a third-party medical records vendor was compromised, exposing patient information across two hospitals—is not...

Cyberattack on Healthcare RCM Vendor May Have Impacted 140K Patients

The compromise of a revenue cycle management (RCM) vendor affecting 140,000 patients at a South Carolina diagnostics company—reported to HHS in February...

Healthcare Supply Chain Under Siege: Lessons from the Stryker Cyberattack and Emerging AI Threats - Tildee

"text": "# Healthcare Supply Chain Visibility Failures: Why Stryker Exposes Contractual and Regulatory Governance Gaps\n\n## Framing: A Structural Liability...

20th March 2026 Cyber Update: Headlines of the Week

The Stryker medical technology incident—involving compromise of a Microsoft Intune administrator account that enabled attackers to remotely wipe approximately...

The Conduent Breach: From 10 Million to 25 Million (and Counting)

The Conduent breach—now affecting 25 million individuals across healthcare, government benefits, and corporate payroll systems—represents more than a data...

Ericsson US discloses data breach after service provider hack

When a service provider is breached, regulatory and contractual liability flows to the primary organization—not the vendor.

Ericsson breach blamed on third party vendor vishing attack

"text": "# Vendor Notification Delays as Regulatory Liability: The Ericsson Breach and the Seven-Month Governance Gap\n\n## Why This Matters at Board and...

Bank software vendor Marquis says more than 670,000 impacted by August breach | The Record from Recorded Future News

The Marquis Software breach—affecting 672,075 confirmed individuals across 74 financial institutions, with estimates reaching 1.35 million—is not primarily a...

Six Supply Chain Attack Groups to Watch Out for in 2026 | Group-IB Blog

Supply chain attacks have evolved from isolated vendor compromises into a three-layer exploitation strategy: direct supplier breach, multi-tenant platform...

Ericsson Blames Vendor Vishing Slip-up for Breach Exposing Thousands of Records

"text": "# Vendor Breach Notification Failure: The Seven-Month Detection Gap That Exposes Governance Weakness\n\n## Why This Matters at Board and Regulatory...

Crunchyroll Data Breach Exposes 100GB Of User Data — How A Single Compromised Vendor Unlocked Sony’s Crown Jewels + Video - Undercode Testing

The Crunchyroll breach—triggered by the compromise of a single Telus vendor employee—exposes a structural governance failure that regulators, auditors, and...

FCA confirms new incident and third party rules to bolster resilience | FCA

The Financial Conduct Authority's formalization of incident and third-party reporting rules represents a watershed moment in how regulatory bodies treat supply...

Marquis breach toll surpasses 670K | brief | SC Media

When a single third-party vendor breach affects 74 banking institutions and compromises 672,075 individuals, the failure is not technical—it is structural.

Cyberattack via supplier: How to protect the company - Nordlo

Supply chain compromise through third-party suppliers represents a structural governance failure, not merely a technical incident.

FCA Updates Cyber Incident and Third-Party Reporting Rules - Infosecurity Magazine

The Financial Conduct Authority's updated cyber incident and third-party reporting framework—effective March 18, 2027—codifies a governance reality that most...

10 Supply Chain Attack Examples and How to Detect Them

Supply chain compromises represent a structural liability exposure that extends far beyond the vendor relationship itself.

Supply chain breaches fuel cybercrime cycle, report says • The Register

Supply chain breaches have fundamentally shifted from isolated incidents to coordinated, self-reinforcing attack cycles that blur the boundary between initial...

FCA Issues New Rules For Cyber Incident & Third-party Reporting

The Financial Conduct Authority's clarification of cyber incident and third-party reporting requirements signals a critical structural weakness in how...

Cyberattack on Stryker causes hospital operation delays | УНН

When a single vendor's infrastructure fails under cyberattack, the damage does not stop at that vendor's balance sheet.

Deaconess Health reports data breach tied to vendor - SAT PRWire

The Deaconess Health System breach—originating from third-party vendor MediCopy's compromised cloud infrastructure—is not a vendor failure story.

Ericsson US Discloses Data Breach After Service Provider Hack

When a service provider is compromised, the primary vendor becomes the regulatory defendant.

Bain Struggles to Dismiss PowerSchool User Data Breach Claims

The failure of Bain Capital and PowerSchool to dismiss data breach claims affecting approximately 50 million individuals—students, parents, and...

Deaconess Health reports data breach tied to vendor

Healthcare organizations face a persistent governance failure when third-party vendor breaches occur: the liability chain remains opaque, notification...

Ericsson blames vendor vishing slip-up for breach exposing thousands of records

Ericsson's disclosure of a 15,000-record breach originating from a vendor social engineering attack—coupled with a seven-month notification delay—reveals a...

Cyberattack on med-tech company a 'wake-up call' to threats to U.S. - UPI.com

"text": "# Medical Device Wiper Attack Exposes Structural Governance Failure in Healthcare Vendor Risk Management\n\n## Why This Matters at Board and...

$5.25M Cadence Bank Settlement Ends Class Action Lawsuit Over May 2023 Data Breach

Cadence Bank's $5.25 million settlement over a May 2023 MOVEit vulnerability breach exposes a critical governance asymmetry: financial institutions bear full...

Vendor Risk Lessons from the Marquis Data Breach

"text": "# Vendor Compromise as Systemic Risk: The Marquis Breach Exposes Governance Blind Spots in Financial Services\n\n## Why This Matters at Board and...

Marquis says over 672,000 people had personal and financial data stolen in ransomware attack | TechCrunch

The Marquis ransomware incident—affecting 672,075 individuals through a fintech vendor embedded across hundreds of banking institutions—represents more than a...

[AKIRA] - Ransomware Victim: bdtronic - RedPacket Security

The alleged AKIRA ransomware compromise of BDTRONIC—a German manufacturing vendor serving automotive, electronics, telecommunications, and renewable energy...

A Potential Breach of an Anonymous Tip App Could Have Exposed Sensitive Student Data

"text": "# Third-Party Vendor Breach Exposes Structural Governance Failures Across 30,000 U.S.

Interlock ransomware gang exploited Cisco firewall zero-day weeks before disclosure: Amazon | The Record from Recorded Future News

The Interlock ransomware group's exploitation of CVE-2026-20131 in Cisco Secure Firewall Management Center—beginning January 26, weeks before public disclosure...

The Conduent breach; from 10 million to 25 million (and counting)

The Conduent breach—now affecting 25+ million individuals across multiple US states—is not primarily a cybersecurity incident.

Conduent Data Breach Grows, Affecting at Least 25M People

The Conduent ransomware incident—affecting at least 25 million individuals across multiple U.S. states—is not primarily a cybersecurity story.

Pickett USA Breach Exposes Sensitive Engineering Data Linked to US Utilities

The Pickett USA breach—exposing 139 GB of operational engineering data linked to Duke Energy Florida, American Electric Power, and Tampa Electric Company—is...

Cybersecurity Terms in Third-Party Contracts: Are You Being Served, or Served Up?

"text": "# Contractual Asymmetry in Vendor Risk: Why Standard MSP Terms Systematically Disadvantage Organizations\n\n## Governance Liability Embedded in...

Infosys Settles Data Breach Class Action Lawsuits for $17.5M

Infosys McCamish Systems' $17.5 million class action settlement for a November 2023 LockBit ransomware attack reveals a fundamental structural weakness in how...

Bank of America customer data exposed in IT provider breach

When 57,028 Bank of America customer records—including Social Security numbers and addresses—were compromised through Infosys McCamish Systems in November...

Customer Updates: Stryker Network Disruption

Stryker Corporation's March 2026 disclosure of a "global network disruption" to its Microsoft environment illustrates a systemic governance failure in how...

Major US Banks Gauge Their Exposure to SitusAMC Breach

The SitusAMC breach affecting JP Morgan Chase, Citi, and Morgan Stanley reveals a structural governance failure that extends far beyond a single incident.

Major US Banks Impacted by SitusAMC Hack

The SitusAMC breach affecting JPMorgan, Citi, Morgan Stanley, and other major US financial institutions represents more than a single vendor incident.

Energy Sector Contractor ENGlobal Targeted in Ransomware Attack

The ransomware compromise of ENGlobal Corporation—a contractor embedded in energy sector operations—reveals a critical governance blind spot: most...

Ransomware attack kept major energy industry contractor out of some systems for 6 weeks

When a major energy and federal government contractor experiences a six-week operational lockout due to ransomware, the incident extends far beyond that single...

Third-party vendors drive 45% of breaches in US energy sector

Third-party vendors account for nearly half of all confirmed breaches in US energy infrastructure, with forensic evidence suggesting they drive 90% of...

Pickett USA breach allegedly exposes sensitive engineering data linked to US utilities

The January 2026 breach of Pickett USA—a Tampa-based engineering firm serving Tampa Electric Company, Duke Energy Florida, and American Electric Power—is not...

Change Healthcare breach: The cyberattack's impact 2 years later

Two years after the Change Healthcare cyberattack, the case has evolved from a discrete security incident into a structural indictment of vendor risk...

Ransomware groups target vendors to get into hospitals

Healthcare organizations face a fundamental structural inversion in cyber liability: they bear regulatory and contractual accountability for breaches...

Ericsson US discloses data breach after service provider hack

When Ericsson US disclosed a breach affecting 15,661 employees and customers through a compromised service provider, the incident revealed a structural...

98% of organizations worldwide connected to breached third-party vendors

The finding that 98% of organizations maintain active integrations with breached third-party vendors is not a data point—it is evidence of structural...

Stryker: Pro-Iran hackers claim cyberattack on major US medical device maker

When pro-Iran threat actors compromised Stryker Corporation's Microsoft environment in March 2026, they exposed a structural governance failure that extends...

Ericsson Breach Exposes Data of 15k Employees and Customers

Ericsson's April 2025 breach affecting 15,661 employees and customers—routed through a compromised third-party service provider—exposes a critical governance...

What caused Stryker's global outage?

When a single medical-technology vendor's infrastructure fails due to a coordinated cyberattack, the incident does not remain contained at the vendor's...

Conduent Breach Count Jumps From 10 Million to More Than 25 Million - Wyo Support News

The Conduent breach—expanding from an initial estimate of 10.5 million to over 25 million affected individuals—represents more than a single vendor failure.

Ericsson Blames Vendor Vishing Slip Up For Breach Exposing Thousands Of Records - RedPacket Security

The Ericsson incident—affecting 15,661 individuals through a compromised third-party vendor—is not primarily a cybersecurity failure.

Iranian Cyber Attacks and the quiet day the hospital supplier went dark - El-Balad.com

The reported cyberattack on Stryker—a Michigan-based medical device manufacturer serving hospitals globally—exposes a critical structural weakness in how...

Marquis breach toll rises to 80 banks, 824,000 consumers

The Marquis Software Solutions ransomware incident—affecting 80 banks, 824,000 consumers, and exposing names, Social Security numbers, dates of birth, and...

Supply Chain Attacks Dominate 2026 Threats

"text": "# Vendor Risk Governance Fracture: Why Supply Chain Attacks Expose Contractual Liability Gaps\n\n## Framing: The Structural Governance...

The Silent Supply Chain: Fourth-Party Vendor Risks and Hidden Dependencies

The governance failure revealed by fourth-party and nth-party vendor exposure is not a gap in vendor management—it is a structural blind spot in how...

Stryker Cyberattack Exposes Fragile Hospital Supply Chains Now – The Beltway Report

The Stryker Corporation cyberattack—a destructive wiper operation that disrupted global Microsoft environments, manufacturing, and order processing in March...

Data breach on care management company impacts 5K patients at NYC Health

A cyberattack on a revenue cycle management (RCM) vendor serving NYC Health has compromised approximately 140,000 patient records.

Marquis Software Solutions breach pinned on SonicWall hack

The Marquis Software Solutions breach, traced to compromised credentials stolen during the SonicWall firewall vulnerability exploitation, represents a...

Blog 108b. Urgent Publication! The Stryker Cyberattack!

"text": "# Medical Device Supply Chain Under Siege: Why the Stryker Attack Exposes Vendor Risk Governance Failures\n\n## Framing: When a $25 Billion Vendor...

Supply chain attacks now fuel a 'self-reinforcing' cybercrime economy

Supply chain attacks have evolved beyond isolated incidents into a self-reinforcing criminal ecosystem—a structural shift that fundamentally alters how...

LexisNexis hit by second data breach in two years | American Banker

A second data breach at LexisNexis within two years signals a critical governance failure that extends far beyond a single vendor incident.

Ransomware attack kept major energy industry contractor out of some systems for 6 weeks

ENGlobal Corporation's six-week ransomware-induced operational blackout is not a technical incident report—it is a governance failure that cascades across...

Ericsson US Unit Reports Data Breach Tied To Third-Party Service Provider

Ericsson's US subsidiary's data breach—originating from an unnamed third-party service provider and discovered nearly two weeks after initial...

Stryker Down! Iranians Hack the Healthcare Sector Technology Provider | by Matthew.Rosenquist | Mar, 2026 | Medium

When a major medical device manufacturer becomes the target of a state-sponsored destructive cyberattack, the failure is not primarily technical—it is...

Stryker still recovering from Iran-linked cyberattack - Medical Device Network

Stryker's extended recovery from the March 2025 Handala cyberattack exposes a structural governance failure that extends far beyond a single vendor incident.

Vendor Ransomware Incident Exposes Patient Data Linked to Vikor Scientific - HIPAA Coach

The Catalyst RCM ransomware attack—affecting nearly 140,000 individuals through Vikor Scientific and affiliated laboratory networks—represents far more than an...

The Change Healthcare Cybersecurity Breach: Impact on Healthcare Providers

The Change Healthcare breach is not primarily a cybersecurity incident—it is a governance failure.

Marquis Software Breach: 80+ Banks and 823K Consumers Affected

The Marquis Software Solutions ransomware incident—affecting 80+ financial institutions and over 823,000 consumers—exposes a structural governance failure that...

Ontario health agency vendor suffered major ransomware attack in 2025 | Globalnews.ca

When a third-party vendor to a public health organization suffers a ransomware attack involving personal health information, the incident becomes a test of...

8 Third-Party Risk Examples Every 2026 Security Team Should Know

"text": "# Third-Party Breach Taxonomy: Why Supply Chain Incident Patterns Demand Contractual and Governance Redesign\n\nFraming the Governance...

ManoMano Third-Party Breach: 38M Users Exposed via Zendesk Contractor

The January 2026 ManoMano breach—exposing 37.8 million customer records through a compromised Zendesk contractor—represents a structural failure in third-party...

After tax return data leak, US Treasury terminates consulting firm Booz Allen Hamilton contracts - The Times of India

The US Treasury Department's termination of its contracts with Booz Allen Hamilton—following the 2024 conviction of a former IRS contractor for leaking...

Iranian hackers take credit for attack on US medical equipment supplier that caused systems to go down

The March 2026 compromise of Stryker Corporation—affecting 200,000+ systems and extracting 50 terabytes of data—is not merely a headline incident.

CyberSol Featured as "New Innovation" in Security Delta's March Security Insight

Security Delta (HSD) features CyberSol's open-source DDD framework as a "New Innovation" in their March 2026 Security Insight newsletter

The Rise of Supply Chain Attacks in 2026

Supply chain attacks have fundamentally shifted the attack surface away from perimeter defense toward vendor trust relationships and their underlying...

The seven largest banking data breaches of 2025

The 2025 banking sector breach landscape documents a structural shift in attack surface: financial institutions are no longer the primary targets—their vendors...

Conduent Data Breach: 25M Americans Affected in Largest Government Contractor Incident

A ransomware attack on Conduent, a critical infrastructure vendor managing state benefits administration and HR services for over 100 million individuals...

Best Practices for Third-Party Incident Response

"text": "# Third-Party Incident Response as Governance Liability, Not IT Operations\n\n## Why Your Vendor Breach Response Plan Is a Board-Level Accountability...

More Banks Issue Breach Notifications Over Supplier Breach

When a single software vendor serving 700+ financial institutions falls to ransomware, the governance failure is not localized—it cascades across an entire...

Cybercriminals seize on MSP tools to harvest personal data

The weaponization of remote monitoring and management (RMM) platforms represents a fundamental shift in how supply chain compromise operates.

Data breach affecting 11 physician practices confirmed to impact 627K patients

The confirmed compromise of ApolloMD's network infrastructure—affecting 11 physician practices and 627,000 patient records—represents a structural governance...

Report: Why Managed Service Providers Are Now Ground Zero for Attacks

"text": "# MSP Compromise as First-Order Vendor Risk: Why Board-Level Governance Frameworks Are Failing\n\n## Framing\n\nManaged Service Providers have...

Pickett USA breach allegedly exposes sensitive engineering data linked to US utilities

In January 2026, a threat actor publicly offered 139 GB of operational engineering data allegedly stolen from Pickett USA, a Tampa-based firm serving three...

The PowerSchool Breach: A Privacy Lesson on Third-Party Risk Exposure

The PowerSchool breach—affecting 62 million students and 9.5 million educators globally—is not primarily a technology failure.

The Conduent breach; from 10 million to 25 million (and counting)

The Conduent breach—now affecting 25 million individuals across the United States—represents far more than a data security incident.

ENGlobal Energy Contractor Ransomware Breach and CenterPoint Energy Data Leak

The 2026 ransomware attack on ENGlobal Corporation—a third-party contractor with direct access to energy sector systems—exposes a structural governance failure...

Conduent data breach grows, affecting at least 25M people

A ransomware attack on Conduent, one of the largest government contractors in the United States, has compromised personally identifiable information and health...

Evolving supply chain attacks create a critical opportunity for MSPs

"text": "# Supply Chain Compromise as Governance Failure: Why Static Vendor Assessment No Longer Satisfies Regulatory Obligation\n\n## Framing: The Structural...

How a ransomware attack left an Ontario government health agency scrambling | Globalnews.ca

When a vendor within a critical supply chain experiences a ransomware compromise, the primary organization faces cascading liability, regulatory exposure, and...

FBI Wiretap Breach: What Happened and Why It Matters

The February 2026 FBI wiretap breach represents a structural governance failure that extends far beyond technical incident response.

Ericsson breach blamed on third party vendor vishing attack • The Register

The Ericsson incident—a 15,661-record breach initiated through vishing against an unnamed third-party vendor—exposes a structural governance failure that...

US hospitals under cyber attack? Iran-linked hackers claim to have hit medical major Stryker- The Week

When a single vendor serves over 150 million patients annually and a cyberattack disables hospital operations across the US healthcare system, the failure...

Conduent Breach Analysis: Third-Party Blind Spot and Cascading Impact

The Conduent breach—affecting between 10 and 25 million individuals across SNAP, Medicaid, state healthcare systems, and corporate HR infrastructure spanning...

Ericsson US Data Breach: What Cradlepoint Users Should Know

Ericsson's disclosure of a significant data breach stemming not from its own infrastructure but from a downstream service provider illustrates a structural...

Stryker Cyberattack Wipes Employee Devices, Handala Claims Breach - TechNadu

The Stryker Corporation cyberattack—involving alleged wiper malware that destroyed over 200,000 internal systems, exfiltrated 50 terabytes of proprietary data,...

Stryker Cyberattack Sparks Health Sector Alert as Iran-Linked Hackers Target Medtech Firm Serving 150M Patients | IBTimes UK

When a single medical device manufacturer serving 150 million patients globally falls victim to state-linked cyberattack, the governance failure is not...

LexisNexis Breach Exposes Federal Judges and DOJ Attorneys to Hackers - State of Surveillance

When a legal research vendor serving federal judges and Department of Justice attorneys suffers a data breach, the failure transcends a single organization's...

LexisNexis Says Data Breach Has Been Cointained; Hackers Claim Access to Government and Law Firm User Data | LawSites

When LexisNexis—a foundational data infrastructure vendor serving government agencies, law firms, and financial institutions—confirms a breach with threat...

Cybercriminals seize on MSP tools to harvest personal data | Channel Dive

Managed Service Provider (MSP) platforms have become primary attack vectors for threat actors seeking to compromise downstream clients at scale.

Cyberattack on healthcare RCM vendor may have impacted 140K patients

A cyberattack against Vikor Scientific, a healthcare revenue cycle management (RCM) vendor, has exposed patient data for approximately 140,000 individuals.

Third-Party Data Breach at Online DIY Firm ManoMano Affects Nearly 38 Million People - CPO Magazine

The ManoMano incident—affecting nearly 38 million customers through a compromised subcontractor's Zendesk instance—represents a structural failure in vendor...

How a Supplier Ransomware Attack Shut Down Toyota’s Just-in-Time Manufacturing | OT Cybersecurity

The ransomware attack on Kojima Industries—a critical Toyota supplier—resulted in the operational shutdown of 14 manufacturing facilities.

TriZetto confirms 3.4M people's health and personal data was stolen during breach | TechCrunch

A health technology vendor's confirmation that 3.4 million individuals' personal and health data was exfiltrated during a breach that remained undetected for...

Symantec reports Iranian Seedworm hackers infiltrate US infrastructure and defense supply chain networks - Industrial Cyber

Iranian state-sponsored actors maintaining persistent access within US defense contractor networks is not primarily a technical incident—it is structural...

Cognizant TriZetto breach exposes health data of 3.4 million patients

Hacktivists Claim DHS Breach, Leak 6,600+ ICE Contractor Records

A claimed hacktivist breach of Department of Homeland Security systems exposing 6,681 ICE contractor applicant records—including personnel from major...

Shocking Healthcare Cyberattack: Worldleaks Ransomware Gang Strikes US Drug Manufacturer Sagent Pharmaceuticals - UNDERCODE NEWS

The reported ransomware attack on Sagent Pharmaceuticals by the Worldleaks group represents more than an isolated incident—it exposes a fundamental governance...

Ontario government home care vendor paid ransom to regain access to its servers: report | Globalnews.ca

A ransomware incident at Ontario Medical Supply—a third-party vendor contracted to Ontario Health atHome—resulted in a ransom payment that was initially...

Ericsson U.S. Unit Discloses Vendor Breach That Exposed Employee and Customer Data | Prism News

Ericsson's disclosure of an unnamed vendor breach—where unauthorized access persisted undetected for five days, followed by a six-day discovery lag before...

Dozens of Major Data Breaches Linked to Single Threat Actor - SecurityWeek

The concentration of dozens of major data breaches under a single threat actor operating across energy, aerospace, defense, healthcare, and telecommunications...

When the Firewall Vendor Gets Breached: Marquis Software’s Lawsuit Against SonicWall Exposes a Growing Crisis in Cybersecurity Supply Chains

When a critical infrastructure vendor's own security controls fail, downstream customers face a compounding liability exposure that existing contractual...

The Breach Came From a Vendor You Never Hired Third-Party & Supply Chain — Feb 26, 2026 | By Alice Eneyo | by Alice eneyo | Feb, 2026 | Medium

The June 2025 compromise of Chain IQ Group AG—a procurement platform serving at least 19 direct clients and exposing over 130,000 employee records—illustrates...

Major health provider data breach may have affected thousands more people - over 700k now thought to have been hit | TechRadar

A breach affecting over 700,000 individuals across multiple health provider organizations—originating from TriZetto Provider Solutions, a Cognizant...

IU Health files lawsuit against healthcare tech company following 2024 data breach - Indiana Daily Student

IU Health's lawsuit against Change Healthcare following a 2024 data breach represents more than a single institutional dispute—it marks a critical inflection...

Zendesk-Linked Contractor Breach Exposes Data of 38MN ManoMano Customers

The ManoMano breach—affecting 38 million customer records through a compromised third-party contractor with Zendesk access—exposes a critical governance blind...

Trizetto Data Breach: PHI of 3.4 Million Individuals Exposed

A major healthcare technology vendor's unauthorized web portal access resulting in exposure of 3.4 million individuals' protected health information (PHI)...

Conduent data breach hits at least 25M individuals - Becker's Payer Issues | Payer News

A business services provider breach affecting 25 million individuals represents not merely an isolated incident, but a governance failure across multiple...

Change Healthcare breach: The cyberattack’s impact 2 years later - Modern Healthcare

The Change Healthcare breach, now two years into active litigation and remediation, represents far more than a cybersecurity incident.

Texas Attorney General Investigates 25M+ Conduent Business Services Data Breach

The 25-million-record healthcare data breach at Conduent Business Services, now under investigation by the Texas Attorney General, represents more than a...

INC Ransom Claims Breach of ACWA Power and Larsen & Toubro - TechNadu

"text": "# Critical Infrastructure Vendor Breach: When Third-Party Compromise Becomes Your Regulatory Obligation\n\n## Governance Implication: ACWA Power and...

Internal data of Airbus and Boeing supplier is out: What hackers have stolen this time?

The compromise of LISI Group, a Tier-1 supplier to Airbus and Boeing, by the Qilin ransomware group represents a structural failure in supply chain vendor risk...

US Healthcare Diagnostic Firm Says 140,000 Affected by Data Breach - SecurityWeek

A US-based healthcare diagnostic firm's disclosure of a breach affecting 140,000 individuals represents a structural governance failure that extends far beyond...

Vendor breach may have exposed Bayada client data

When healthcare provider Bayada Home Health Care disclosed a data breach originating not from its own systems but from third-party vendor Doctor Alliance, it...

Hackers claim LexisNexis breach exposing 400K users, including federal judges

A breach affecting approximately 400,000 users at LexisNexis—including federal government accounts, enterprise customers, and internal system...