
News brief: Week's top breaches stem from third-party attacks
Check out the latest security news from the Informa TechTarget team.
The challenges of enterprise cybersecurity are well known, yet data breaches, third-party compromises and other cyberattacks continue to wreak havoc.
PwC, which surveyed more than 4,000 business and tech leaders for its "2025 Global Digital Trust Insights," reported that "what worries organisations most is what they're least prepared for." The top five threats cited by respondents -- cloud-related threats, hack-and-leak operations, third-party breaches, connected device attacks and ransomware -- also ranked among the top issues that security leaders claimed they felt the least prepared to address.
History has proved that these concerns are justified, and this past week's news highlighted just how prevalent such issues are. The following companies are a few of the many that made headlines for data breaches, data leaks and attacks.
IT management software vendor ConnectWise
ConnectWise disclosed a breach targeting customers of its ScreenConnect remote monitoring and management software. The company attributed the attack to a "sophisticated nation state actor." ConnectWise engaged Mandiant for forensic investigation and notified affected customers and law enforcement.
ConnectWise said it implemented enhanced monitoring and hardening measures. Details remain limited about the attack scope and number of affected customers.
Risk management services firm LexisNexis
LexisNexis Risk Solutions (LNRS) is facing a third-party data leak affecting more than 360,000 customers. The breach occurred on Dec. 25, 2024, but was not discovered until April 1; it involved an unauthorized individual accessing LNRS customer data from a third-party platform.
Compromised data could include names, contact details, Social Security numbers, driver's license numbers and birth dates. LNRS' own networks were unaffected.
LNRS notified law enforcement, launched an investigation, and is offering affected users free identity protection and credit monitoring for up to two years. No evidence of data misuse has been reported, and no threat group has claimed responsibility.
Retailer Victoria's Secret
Victoria's Secret took its U.S. website offline following an unspecified "security incident," while its U.K. site remained operational and physical stores continued business as usual.
The company said it implemented response protocols and engaged third-party experts to address the incident. Online customer services, including online returns and customer care, were temporarily unavailable. No details about the nature, scope, timing or potential data compromise have been provided.
Telecom provider Cellcom
Cellcom has nearly restored calling and texting services after a cyberattack forced it to take its network offline on May 14, leaving Wisconsin and Michigan customers' devices in SOS mode for nearly a week.
CEO Brighid Riordan confirmed that the company had notified the FBI and begun an investigation. She said there was no evidence that customer data was compromised, as the attack targeted a separate network area. While Cellcom said services were "performing well for most customers" as of Tuesday, some intermittent issues persisted.
Security experts have suggested that the incident might have been a DDoS attack, noting that telecom providers are frequent targets for service disruption and cyberespionage.
Read the full story by Elizabeth Montalbano on Dark Reading.
Software vendor MathWorks
MathWorks, creator of Matlab and Simulink, disclosed a ransomware attack that began on May 18. The attack affected both customer-facing online applications and internal systems. The company initially reported "an issue with multiple applications" and later revealed more affected services, including ThingSpeak, Cloud Center and Matlab Mobile.
By May 21, the company had restored single sign-on and MFA, but some authentication services remained degraded. MathWorks is working with cybersecurity experts to restore remaining systems and has notified federal law enforcement. The ransomware group responsible for the attack remains unidentified, and it's unclear if any data was stolen.
Retailer Adidas
Adidas confirmed that it suffered a data breach through a third-party customer service provider. Affected data included contact information of customers who previously interacted with the company's help desk. No passwords, credit cards or other financial information was compromised.
The company said it is notifying affected consumers and authorities while investigating the incident with security experts. The third-party customer service provider remains unnamed, and the attackers' identity is unknown.
Unnamed MSP
The DragonForce ransomware gang conducted a supply chain attack by exploiting three vulnerabilities in SimpleHelp, a remote monitoring and management tool used by MSPs.
According to Sophos research published this week, the attackers compromised an MSP's SimpleHelp instance to deploy ransomware to multiple downstream customers. SimpleHelp said it patched the vulnerabilities -- tracked as CVE-2024-57727, CVE-2024-57728 and CVE-2024-57726 -- within 48 hours of notification.
DragonForce, which emerged in 2023, is gaining popularity in the criminal ecosystem due to its unique "customer-centric" model that enables affiliates to use their own branding while using DragonForce's infrastructure.
Third-party risk management resources
Learn more about how to manage risks related to third parties here:
- How to build an effective third-party risk assessment framework
- How to create a third-party risk management policy
- How to manage third-party risk in the cloud
- Cybersecurity risks and challenges in supply chain
- Why fourth-party risk management is a must-have
Editor's note: Our staff used AI tools to assist in the creation of this news brief.
Sharon Shea is executive editor of Informa TechTarget's SearchSecurity site.