Two mega-breaches caused by third parties have occurred over the last month, adding to the recent Solarwinds epic supply chain hack, to create a growing tsunami of third party risk for enterprises and government organizations. Security software provider Accellion suffered a breach in their FTA tool which caused many of their clients to have their data exposed to hackers. A number of high-profile customers were affected such as the Jones Day law firm, Kroger stores, and Shell Oil company along with other government and educational institutions. Given the software’s use for storing sensitive data for clients, these breaches are sure to cause lots of pain for the victim companies, with more victims likely to emerge as the investigation continues.
And following on the heels of that announcement, the French government discovered that hackers (likely the Russian “Sandworm” group) have been using a platform by Centreon to breach numerous state and enterprise users for years, as far back as 2017. These brazen, large-scale attacks show that hacking groups have enthusiastically embraced the “hack one, breach many” strategy as a way to maximize the illicit returns of their…
