Tag

Vendor Risk Management

Articles under this tag examine how organizations assess, monitor, and mitigate risks introduced by third-party vendors. Topics include vendor due diligence frameworks, contract security requirements, continuous monitoring practices, and strategies for building a resilient supply chain.


Vendor Risk Management

Vendor Risk Management Cybersecurity: A Practical Guide

The Breach That Didn't Start With You
In February 2024, Change Healthcare, a subsidiary of UnitedHealth Group, suffered a ransomware attack that disrupted healthcare payment processing across the entire United States for weeks. The threat actor didn't breach UnitedHealth directly. They compromised a vendor system that

Carl B. Johnson Feb 28, 2025 8 min read
Cybersecurity Due Diligence

Cybersecurity Due Diligence: What Most Companies Skip

The $350 Million Acquisition That Fell Apart Over a Data Breach
When Verizon moved to acquire Yahoo in 2016, the deal was nearly complete. Then Yahoo disclosed two massive data breaches, the larger of which was ultimately found to have affected all three billion user accounts. Verizon knocked $350 million off the purchase price. That single failure in cybersecurity

Carl B. Johnson Feb 28, 2025 8 min read
Vendor Risk Management

Vendor Risk Management Cybersecurity: A Practical Guide

The Breach That Didn't Start With You
In January 2023, Mailchimp disclosed another breach within a year, this time through a social engineering attack on its employees and contractors. But the real damage radiated outward. Every company using Mailchimp as a vendor suddenly had a problem they didn't

Carl B. Johnson Jun 08, 2023 7 min read
Cybersecurity Due Diligence

Cybersecurity Due Diligence: What Most Companies Skip

When Marriott acquired Starwood Hotels in 2016, the deal looked solid on paper. Two years later, Marriott disclosed that hackers had been inside Starwood's reservation system since 2014 — exposing the personal data of up to 500 million guests. The breach predated the acquisition. The liability didn't.

Carl B. Johnson Sep 23, 2021 7 min read
Vendor Risk Management

Vendor Risk Management Cybersecurity: A Practical Guide

The Breach That Didn't Start With You
In 2023, the MOVEit Transfer zero-day was not just Progress Software's problem. It cascaded through thousands of organizations, including government agencies, banks, and healthcare systems, because those organizations trusted a single vendor's file transfer tool. Over 2,600 organizations and

Carl B. Johnson Jul 19, 2020 8 min read
Cybersecurity Due Diligence

Cybersecurity Due Diligence: What Most Companies Miss

The $350 Million Wake-Up Call Nobody Expected
When Verizon acquired Yahoo in 2017, breaches disclosed during the deal negotiations, later found to affect all 3 billion accounts, forced the purchase price down by $350 million. That single failure of cybersecurity due diligence became one of the most expensive cautionary tales in M&A history, and it permanently

Carl B. Johnson Jun 25, 2020 7 min read
Vendor Risk Management

Vendor Risk Management Cybersecurity: A Practical Guide

The Breach That Didn't Start With You
In 2023, the MOVEit Transfer vulnerability compromised over 2,600 organizations and exposed the data of more than 77 million individuals, not because those organizations had weak security, but because a single vendor did. Companies like Ernst & Young, the BBC,

Carl B. Johnson Aug 14, 2019 7 min read