Real-time breach and ransomware intelligence for third-party risk management.
A former DigitalMint incident‑response negotiator admitted to sharing confidential client negotiation details with the BlackCat ransomware gang, facilitating multimillion‑dollar extortion of U.S. organizations. The case underscores insider risk within third‑party security providers and the financial exposure it creates for their customers.
Tempus AI is being sued for training AI on, and selling, genetic data acquired from Ambry Genetics without patient consent, exposing pharma partners and downstream users to regulatory risk and potential re‑identification of supposedly de‑identified DNA.
State‑sponsored Lazarus hackers hijacked LayerZero’s verification layer, stealing $290 M of rsETH from KelpDAO and forcing major DeFi lenders to freeze collateral. The breach highlights supply‑chain risk in cross‑chain infrastructure for crypto‑finance platforms.
Vercel disclosed a breach tied to its Context.ai integration that resulted in the theft of customer data now listed for $2 million. The incident highlights supply‑chain risk for organizations relying on cloud‑hosted platforms and third‑party services.
A Vercel employee’s use of an internal AI development assistant inadvertently accessed and leaked OAuth tokens, allowing attackers to retrieve source code and configuration data from Vercel‑hosted projects. The breach underscores the third‑party risk of credential exposure in SaaS platforms.
A cyber‑attack on the French ANTS portal on 15 April 2026 may have leaked personal details of up to 19 million individuals, including names, emails, birth dates and addresses. The breach poses significant identity‑theft risk for third‑party services that rely on ANTS‑verified data, making it a high‑priority TPRM concern.
The Gentlemen ransomware‑as‑a‑service group has incorporated the SystemBC proxy botnet (≈1,570 compromised hosts) into its delivery chain, enabling covert, high‑volume attacks on corporate environments worldwide. This evolution raises supply‑chain risk for vendors hosting or relying on virtual servers.
Attackers accessed Amtrak’s customer‑relationship‑management system and extracted personal data for over 2.1 million travelers. The breach highlights third‑party SaaS risk for transportation firms and the need for stricter credential controls.
Tyler Buchanan, a key operative of the Scattered Spider group, admitted to hacking dozens of companies, stealing roughly $8 million in cryptocurrency, and exfiltrating sensitive corporate data through SMS‑based phishing and SIM‑swap attacks. The case underscores the risk of SMS MFA and the need for stronger credential protection in third‑party relationships.
A $290 million cryptocurrency theft from Kelp was linked to a supply‑chain breach of LayerZero’s verification network. The incident demonstrates the danger of relying on a single third‑party verifier and the need for diversified security controls in crypto infrastructure.
A British hacker leading the Scattered Spider collective admitted to stealing at least $8 million in cryptocurrency by using SMS‑phishing and SIM‑swap attacks on more than a dozen companies. The case underscores the risk of credential‑theft attacks on third‑party vendors and the inadequacy of SMS‑based MFA.
Vercel reported that attackers leveraged a compromised third‑party AI service, Context.ai, to hijack an employee's Google Workspace account and extract a subset of customer credentials. The incident highlights supply‑chain risks for cloud‑hosting providers and the importance of strict credential hygiene.
Vercel confirmed that attackers accessed internal systems by exploiting a compromised Google Workspace OAuth application tied to the AI platform Context.ai. The breach exposed environment variables for a limited set of customers, prompting immediate secret rotation and supply‑chain risk reviews.
Grinex, a crypto exchange under U.K. and U.S. sanctions, halted trading after a $13.74 million theft blamed on Western intelligence agencies. The breach underscores financial, compliance, and geopolitical risks for any organization that partners with high‑risk crypto platforms.
A senior Scattered Spider member admitted to a 2022 SMS‑phishing operation that spoofed Okta login pages, compromising credentials at over 130 technology companies and stealing $8 million in cryptocurrency. The case highlights the third‑party risk of credential‑based supply‑chain attacks.
Kyrgyzstan‑based crypto‑ruble exchange Grinex halted services after $13.7 million was stolen from Russian user wallets. The firm attributes the breach to Western intelligence, highlighting geopolitical and supply‑chain risks for third‑party crypto providers.
The Qilin ransomware gang’s 2024 breach of Synnovis continues to cripple pathology reporting at a South‑London NHS trust, leaving electronic results delayed and exposing nearly one million patient records. The prolonged outage underscores critical third‑party risk for health‑care providers.
A 2022 credential‑stuffing attack compromised roughly 68 000 DraftKings user accounts, enabling fraudsters to steal funds. The primary actor was sentenced in April 2026, highlighting the financial and reputational risk for partners of the online‑gaming platform.
A November 2022 credential‑stuffing breach exposed ~68,000 DraftKings accounts. The stolen credentials were sold on underground markets, generating over $2 million. In April 2026 a reseller was sentenced to 30 months, highlighting the third‑party fraud risk for gambling and payment platforms.
In April 2026, the hacking group ShinyHunters claimed they had breached Amtrak. The group typically compromises organisations' Salesforce instances before demanding a ransom and, if not paid, later dumping the data publicly. They subsequently published the alleged data, which contained over 2M unique email addresses along with names, physical addresses and customer support records.
McGraw‑Hill confirmed that a misconfigured Salesforce environment exposed roughly 45 million records, with threat actors claiming to have accessed the data. The breach highlights SaaS configuration risk for education‑sector partners and underscores the need for rigorous third‑party risk controls.