3rd-party (aka supply-chain) cyber attacks were one of the main reasons for major data breaches in 2018.  As Black Kite, we regularly monitor, list, and analyze third-party data breaches. In our recent report, Black Kite Major Third-Party Data Breaches of 2018, we provide a  recap of 3rd-party data breaches that hit the news in 2018.

Third-party breaches are on the rise

Almost 60% of the companies experienced a data breach caused by 3rd party according to the 2018 Data Risk in the Third Party Ecosystem Study from Ponemon Institute.

experienced data breach

Top 3 use of a third party

We reviewed 54 major data breaches caused by a third party and disclosed in 2018. Here are the top 3 uses by a third party

top 3 third party data breaches
  • Cloud-based storage, service or hosting providers
  • Online payment, credit card processing, or point-of-sale systems
  • Javascripts on web sites (used for web analytics, visitor tracking, etc.)

Especially injecting malicious code to 3rd-party Javascripts become trendy with famous Magecart campaign that hit TicketMaster, British Airways, Newegg, etc. Very recently, same group hacked Javascript of a French advertising company used by some European-based e-commerce sites that may expose millions of credit card information of e-shoppers.

Over a billion records breached in 2018

In 2018, over a billion records exposed cumulatively according to NordVPN.

  • Facebook announced that more than 50 million users were compromised. This exposure also puts all platforms using the Facebook-login feature under 3rd-party cyber risk.
  • The personal information of around 500 million guests of Marriott Hotels is under risk of exposure. The data breach started at Starwood Hotels before Marriott acquired them. This incident shows the importance of due diligence during M&A operations.

For more information about the other use of third parties caused data breach in 2018 with case studies, download Black Kite Major Third-Party Data Breaches of 2018 report.

Your digital ecosystem multiplies your cyber risk

Each third-party become a part of your digital ecosystem also comes with its cyber risk. Monitoring third-party cyber risk is crucial to avoid data breaches.  Let us talk more about how to monitor 3rd-party cyber risk. Request a demo now.