CyberSecurity news
FlagThis - #thirdpartyrisk
|
@cyberinsider.com
//
Adidas has confirmed a data breach impacting customer data via a third-party customer service provider. According to Adidas, the compromised data primarily consists of contact information of customers who had previously contacted their customer service help desk. The company assures that sensitive information like passwords, credit card, or any other payment-related information were not affected in the incident.
Adidas became aware that an unauthorized external party obtained certain consumer data through a third-party customer service provider. Adidas has immediately taken steps to contain the incident and launched a comprehensive investigation, collaborating with leading information security experts. The company is currently notifying affected customers and is cooperating with data protection authorities and investigators as required by law. This breach marks the third publicly acknowledged incident involving the sportswear giant’s customer service systems recently. The company is working to clarify the situation, reinforcing the importance of securing third-party providers to prevent them from becoming a gateway for attackers to access target systems. Adidas expressed that they remain fully committed to protecting the privacy and security of their consumers and sincerely regret any inconvenience or concern caused by this incident.
Share:
References :
Classification:
Dissent@DataBreaches.Net
//
A ransomware attack on Business Systems House (BSH), a Middle Eastern partner of payroll provider ADP, resulted in the theft of Broadcom employee data in September 2024. The breach was claimed by the El Dorado ransomware group, who according to open source trackers, took responsibility in November of that year. Broadcom, a multinational semiconductor and infrastructure software company, used ADP for payroll processing, with BSH functioning as ADP’s regional provider in the Middle East.
Broadcom was in the process of transitioning away from ADP and BSH at the time of the attack; however, the switch had not been finalized. Sensitive data was compromised, and although the data was leaked online in December 2024, Broadcom was not informed about the breach until May 12, 2025. The delay in notification highlights the challenges organizations face in monitoring and securing extended vendor ecosystems. The stolen data was in an unstructured format, complicating the process of identifying affected employees and the specific data fields disclosed. After discovering the attack, BSH/ADP have been working with ADP and outside experts to investigate the incident and take the necessary steps to harden BSH's environment to protect from similar attacks. Local law enforcement and data protection authorities have been notified. It's understood Broadcom's HR department has begun the process of informing current and former staff who are affected by the ransomware attack.
Share:
References :
Classification:
@The DefendOps Diaries
//
Ascension, one of the largest private healthcare systems in the United States, is facing scrutiny following a significant data breach. The company revealed that the personal and healthcare information of over 430,000 patients was exposed in an incident disclosed last month. The breach stemmed from a compromise affecting a former business partner, highlighting the inherent risks associated with third-party vendors and the critical need for robust cybersecurity measures within the healthcare ecosystem.
The vulnerability in third-party software allowed attackers access to sensitive patient data. Depending on the patient, the attackers could access personal health information related to inpatient visits, including the physician's name, admission and discharge dates, diagnoses, and more. The data breach underscores the importance of healthcare organizations thoroughly vetting and continuously monitoring third-party vendors and their software solutions. This situation exemplifies how a single point of failure in the supply chain can have far-reaching consequences for patient privacy and data security. The Ascension data breach has broader implications for healthcare cybersecurity. The incident serves as a stark reminder of the vulnerabilities in healthcare systems, especially those involving third-party software. The lessons learned emphasize the need for strengthening cybersecurity defenses against third-party and ransomware threats. Healthcare providers must prioritize data protection, regularly assess the security of their partners, and implement robust measures to protect patient information from evolving cyber threats.
Share:
References :
Classification:
|