Third-party breach downstream fallout hits healthcare, education and finance at scale
Target Trend
Summary
A 2025 analysis found third-party breaches are creating a much larger downstream blast radius, with 136 verified events impacting 433 million individuals and 719 companies. The pattern matters because vendor compromise is spreading harm well beyond the initial breach point. Software services vendors were the leading upstream source, making this a supply-chain risk issue rather than isolated incidents. Notification delays remained severe, with a 73-day median to tell customers, slowing credential resets and access revocation.
Related Happenings
Newly disclosed CVSS 7 to 10 vulnerabilities accelerated exploitation wave
Exploitation Wave
First: 18.03.2026 15:00
Last: 18.03.2026 15:00
Sources 1
About this happening:
Exploitation of newly disclosed **CVSS 7 to 10 vulnerabilities** surged **105% YoY**, shrinking the time defenders have to react and patch. The median disclosure-to-**CISA KEV** i...
Supply-chain breach impact surges across large enterprises in BlueVoyant 2025 survey
Target Trend
First: 20.11.2025 16:15
Last: 20.11.2025 16:15
Sources 1
About this happening:
**97%** of surveyed organizations reported being negatively affected by a **supply chain breach**, signaling a near-universal operational risk across large enterprises. The share...
Timeline
03.03.2026 13:00 2 articles · 2mo ago
Black Kite quantifies downstream fallout from third-party breaches
Initial Disclosure
Black Kite's seventh annual Third-Party Breach Report quantifies downstream harm from third-party breach incidents, saying 136 verified breaches in 2025 affected 433 million individuals, 719 companies and an additional 26,000 unnamed corporate victims. The analysis also says software services vendors were the most common upstream source and that customer notification delays remained severe, with a 73-day median time to notify downstream customers.
Sources
- Huge “Shadow Layer” of Organizations Hit by Supply Chain Attacks — www.infosecurity-magazine.com — 03.03.2026 13:00