Expanded Impact of Third-Party Breaches in 2025
Summary
In 2025, 136 verified third-party breaches impacted 433 million individuals and 719 downstream companies, with an additional 26,000 corporate victims unlisted. The median time for breach detection was 10 days, and notification took 73 days on average. Over half of monitored organizations had critical vulnerabilities, and 23% had credentials on the dark web. The report highlights significant delays in breach detection and notification, emphasizing the systemic risk posed by third-party breaches. Software services vendors were the primary source of breaches, affecting sectors like healthcare, education, and financial services. The analysis of top shared vendors revealed widespread critical vulnerabilities and active targeting, indicating a growing crisis in third-party risk management.
Timeline
- 03.03.2026 13:00 · 1 article
2025 Third-Party Breach Report Highlights Expanded Impact and Systemic Risks
In 2025, 136 verified third-party breaches impacted 433 million individuals and 719 downstream companies, with an additional 26,000 corporate victims unlisted. The report highlights significant delays in breach detection and notification, emphasizing the systemic risk posed by third-party breaches. The analysis of top shared vendors revealed widespread critical vulnerabilities and active targeting, indicating a growing crisis in third-party risk management.
- Huge “Shadow Layer” of Organizations Hit by Supply Chain Attacks — www.infosecurity-magazine.com — 03.03.2026 13:00
Information Snippets
- 136 verified third-party breaches impacted 433 million individuals and 719 downstream companies in 2025.
First reported: 03.03.2026 13:00 · 1 source, 1 article
- Huge “Shadow Layer” of Organizations Hit by Supply Chain Attacks — www.infosecurity-magazine.com — 03.03.2026 13:00
- An additional 26,000 corporate victims were reported without being named.
First reported: 03.03.2026 13:00 · 1 source, 1 article
- Huge “Shadow Layer” of Organizations Hit by Supply Chain Attacks — www.infosecurity-magazine.com — 03.03.2026 13:00
- Software services vendors accounted for 28% of the breaches, followed by professional and technical services (14) and healthcare services providers (10).
First reported: 03.03.2026 13:00 · 1 source, 1 article
- Huge “Shadow Layer” of Organizations Hit by Supply Chain Attacks — www.infosecurity-magazine.com — 03.03.2026 13:00
- The median time for breach detection was 10 days, and the average was 68 days.
First reported: 03.03.2026 13:00 · 1 source, 1 article
- Huge “Shadow Layer” of Organizations Hit by Supply Chain Attacks — www.infosecurity-magazine.com — 03.03.2026 13:00
- The median time to notify customers was 73 days, with an average of 117 days.
First reported: 03.03.2026 13:00 · 1 source, 1 article
- Huge “Shadow Layer” of Organizations Hit by Supply Chain Attacks — www.infosecurity-magazine.com — 03.03.2026 13:00
- Over half (54%) of monitored organizations had at least one critical vulnerability, and 23% had credentials circulating on the dark web.
First reported: 03.03.2026 13:00 · 1 source, 1 article
- Huge “Shadow Layer” of Organizations Hit by Supply Chain Attacks — www.infosecurity-magazine.com — 03.03.2026 13:00
- 70% of top shared vendors had at least one CISA KEV exposure, and 84% had critical vulnerabilities.
First reported: 03.03.2026 13:00 · 1 source, 1 article
- Huge “Shadow Layer” of Organizations Hit by Supply Chain Attacks — www.infosecurity-magazine.com — 03.03.2026 13:00
- 80% of top shared vendors displayed exposure to phishing URLs, and 40% showed signals of active targeting.
First reported: 03.03.2026 13:00 · 1 source, 1 article
- Huge “Shadow Layer” of Organizations Hit by Supply Chain Attacks — www.infosecurity-magazine.com — 03.03.2026 13:00
- 62% of top shared vendors had corporate credentials exposed in stealer logs, and 30% had breached credentials in the past 90 days.
First reported: 03.03.2026 13:00 · 1 source, 1 article
- Huge “Shadow Layer” of Organizations Hit by Supply Chain Attacks — www.infosecurity-magazine.com — 03.03.2026 13:00
- 52% of top shared vendors had a breach history, with 18% suffering an incident in the past year.
First reported: 03.03.2026 13:00 · 1 source, 1 article
- Huge “Shadow Layer” of Organizations Hit by Supply Chain Attacks — www.infosecurity-magazine.com — 03.03.2026 13:00