Recent Data Breaches in the News

Atrium Health says hacking compromised personal data of more than 2 million people

November 27, 2018 | The Charlotte Observer

A hacking affecting Atrium billing vendor AccuDoc may have affected as many as 2.65 million people, Charlotte-based Atrium said. Of those, about 700,000 patients may have had Social Security numbers compromised, according to Atrium.

Opus & Ponemon Institute announce results of 2018 third-party data risk study: 59% of companies experienced a third-party data breach, yet only 16% say they effectively mitigate third-party risks

November 15, 2018 | The Associated Press

According to the Opus and Ponemon study, 59 percent of companies said they have experienced a data breach caused by one of their vendors or third parties. In the U.S., that percentage is even higher at 61 percent -- up 5 percent over last year’s study and a 12 percent increase since 2016.

Third-party data breach exposes info of Alabama hospital job applicants

November 12, 2018 | Security Boulevard

Third-party vendors are turning into a key challenge because third-party risks have been neglected for far too long, even though they come with many associated risks.

4.4M records exposed in 117 health data breaches in Q3 2018

November 6, 2018 | Health IT Security

Third parties continue to pose risks to healthcare providers. Third-party breaches accounted for 1.34 million patient records being breached in the third quarter of 2018.

Department of Defense Data breach exposes 30,000 employees

October 14, 2018 | Forbes

On October 4th, Pentagon officials were alerted to a data breach that affected its personnel. Unauthorized hackers gained access to personal information and credit card numbers. The data was accessed via a system that maintained travel records. That system was not operated by the Department itself but an unnamed third party contractor.

City of Tyler’s Click2Gov payment system breached

September 11, 2018 | Central Texas News

According to a press release from Tyler, TX Monday, the city was notified that an unknown third-party was able to gain access to payments made through the system the City uses to collect payments for utilities and municipal court fines and fees.

Breach Reveal: PG&E exposed 30,000 sensitive records and fined $2.7 million

August 28, 2018 | Data Breach Today

A previously unnamed U.S. energy company that agreed to a record $2.7 million settlement after it left 30,000 records about its information security assets exposed online for 70 days in violation of energy sector cybersecurity regulations has been named as California utility PG&E.

6 eye-raising third-party breaches

August 10, 2018 | DARK Reading

This year's headlines have featured a number of high-profile exposures caused by third parties working on behalf of major brands.

‘Big Red Flag’: automakers’ trade secrets exposed in data leak

July 20, 2018 | New York Times

Automakers like Tesla, Toyota, and Volkswagen go to great lengths to keep their technical information confidential. Details about assembly line machinery and proprietary robotics are among the industry’s most closely guarded trade secrets. But the inadvertent exposure of customers’ data illustrates a problem confounding businesses: Some of their biggest security risks come from their suppliers and contractors.

Combat third-party risk with the right cyber posture

July 11, 2018 | Forbes

Although there seems to be significant awareness of third-party risk, with 60% of respondents in a recent NTT Security report pointing to third parties as the weakest security link in their organizations, most companies simply aren’t doing enough to assess or mitigate that risk.

Best Buy hit by [24] data breach, too

April 5, 2018 | CNET

BestBuy says it was affected by the [24] breach, due to its use of an online customer service software during a 15-day period when that third party firm's online chat tool was infected with malware.

Delta, Sears Breaches blamed on malware attack against a third-party chat service

April 5, 2018 | threat post

Security researchers are pinning a recent data breach – that potentially exposed the credit card information of hundreds of thousands of Delta Air Lines and Sears Holdings customers – on weak third-party security policies.

Understanding Third-Party Risk

White Paper
56% of organizations have experienced a data breach due to a third party.