News brief: Week's top breaches stem from third-party attacks

IT management software vendor ConnectWise

ConnectWise disclosed a breach targeting customers of its ScreenConnect remote monitoring and management software. The company attributed the attack to a "sophisticated nation state actor." ConnectWise engaged Mandiant for forensic investigation and notified affected customers and law enforcement.

ConnectWise said it implemented enhanced monitoring and hardening measures. Details remain limited about the attack scope and number of affected customers.

Read the full story by Rob Wright on Dark Reading.

Risk management services firm LexisNexis

LexisNexis Risk Solutions (LNRS) is facing a third-party data leak affecting more than 360,000 customers. The breach, which was discovered on April 1, but occurred on Dec. 25, 2024, involved an unauthorized individual accessing LNRS customer data from a third-party platform.

Compromised data could include names, contact details, Social Security numbers, driver's license numbers and birth dates. LNRS' own networks were unaffected.

LNRS notified law enforcement, launched an investigation, and is offering affected users free identity protection and credit monitoring for up to two years. No evidence of data misuse has been reported, and no threat group has claimed responsibility.

Read the full story by Kristina Beek on Dark Reading.

Retailer Victoria's Secret

Victoria's Secret took its U.S. website offline following an unspecified "security incident," while its U.K. site remained operational and physical stores continued business as usual.

The company said it implemented response protocols and engaged third-party experts to address the incident. Online customer services, including online returns and customer care, were temporarily unavailable. No details about the nature, scope, timing or potential data compromise have been provided.

Read the full story by Kristina Beek on Dark Reading.

Telecom provider Cellcom

Cellcom has nearly restored calling and texting services after a cyberattack forced it to take its network offline on May 14, leaving Wisconsin and Michigan customers' devices in SOS mode for nearly a week.

CEO Brighid Riordan confirmed that the company had notified the FBI and begun an investigation. She said there was no evidence that customer data was compromised, as the attack targeted a separate network area. While Cellcom said services were "performing well for most customers" as of Tuesday, some intermittent issues persisted.

Security experts have suggested that the incident might have been a DDoS attack, noting that telecom providers are frequent targets for service disruption and cyberespionage.

Read the full story by Elizabeth Montalbano on Dark Reading.

Software vendor MathWorks

MathWorks, creator of Matlab and Simulink, disclosed a ransomware attack that began on May 18. The attack affected both customer-facing online applications and internal systems. The company initially reported "an issue with multiple applications" and later revealed more affected services, including ThingSpeak, Cloud Center and Matlab Mobile.

By May 21, the company had restored single sign-on and MFA, but some authentication services remained degraded. MathWorks is working with cybersecurity experts to restore remaining systems and has notified federal law enforcement. The ransomware group responsible for the attack remains unidentified, and it's unclear if any data was stolen.

Read the full story by Kristina Beek on Dark Reading.

Retailer Adidas

Adidas confirmed that it suffered a data breach through a third-party customer service provider. Affected data included contact information of customers who previously interacted with the company's help desk. No passwords, credit cards or other financial information was compromised.

The company said it is notifying affected consumers and authorities while investigating the incident with security experts. The third-party customer service provider remains unnamed, and the attackers' identity is unknown.

Read the full story by Kristina Beek on Dark Reading.

Unnamed MSP

The DragonForce ransomware gang conducted a supply chain attack by exploiting three vulnerabilities in SimpleHelp, a remote monitoring and management tool used by MSPs.

According to Sophos research published this week, the attackers compromised an MSP's SimpleHelp instance to deploy ransomware to multiple downstream customers. SimpleHelp said it patched the vulnerabilities -- tracked as CVE-2024-57727, CVE-2024-57728 and CVE-2024-57726 -- within 48 hours of notification.

DragonForce, which emerged in 2023, is gaining popularity in the criminal ecosystem due to its unique "customer-centric" model that enables affiliates to use their own branding while using DragonForce's infrastructure.

Read the full story by Alexander Culafi on Dark Reading.

Third-party risk management resources

Learn more about how to manage risks related to third parties here:

• How to build an effective third-party risk assessment framework
• How to create a third-party risk management policy
• How to manage third-party risk in the cloud
• Cybersecurity risks and challenges in supply chain
• Why fourth-party risk management is a must-have

Editor's note: Our staff used AI tools to assist in the creation of this news brief.

Sharon Shea is executive editor of Informa TechTarget's SearchSecurity site.