Cyberattacks in 2025 continue to evolve at an unprecedented pace, with cybercriminals leveraging AI-driven automation, supply chain compromises and sophisticated ransomware to target IT service providers, cloud platforms and cyber security software vendors.
Recent high-profile breaches underscore the growing risks associated with supply chain vulnerabilities. If your cyber security provider or third-party vendor is compromised, how confident are you that your data, systems and customers remain secure?
Many organisations trust large consultancies for cyber security, assuming size equates to security. However, bigger isn’t always better—what truly matters is being big enough to be proactive and reactive during incidents. Providers must have the scale to detect and respond to threats swiftly and the agility to adapt to an ever-changing cyber landscape.
With 20 years in the industry, CyberOne has the agility of a start-up combined with the expertise and reliability of a seasoned cyber security provider. This balance is critical in ensuring resilience against supply chain threats, where reaction speed and strategic foresight make all the difference.
Here, we analyse the most significant cyber breaches that have affected supply chains in recent years, their impact and the key lessons we can learn from them.
Cyber security providers should be the first line of defence, yet some of the most significant breaches in recent years have involved IT service companies and security vendors. These incidents reinforce a crucial point—your cyber security provider is part of your supply chain and your business is directly exposed if they are breached.
Recent attacks on Orange, Tata and CDW demonstrate how threat actors exploit vulnerabilities in widely used IT services to infiltrate numerous organisations simultaneously. These incidents serve as a wake-up call that even security companies are not immune to sophisticated cyber threats.
A hacker associated with the HellCat ransomware group claims to have stolen thousands of internal Orange Group documents, including customer and employee records, invoices, contracts and partial payment card details. The breach primarily affected Orange Romania and was made public after an unsuccessful extortion attempt.
The attacker exploited compromised credentials and vulnerabilities in Orange’s Jira software and internal portals, maintaining undetected access for over a month. The company failed to detect a three-hour data exfiltration, which exposed 6.5GB of sensitive information.
Orange confirmed the breach, stating that it occurred on a non-critical back-office application, and is currently investigating to assess the full impact.
Preventing breaches like this requires a strong identity security framework and proactive threat monitoring: enforced multi-factor authentication (MFA), role-based access controls and continuous identity monitoring to detect and mitigate credential-based attacks.
If an attacker gained access to your internal systems today, how long would it take for you to detect and respond?
The Hunters International ransomware group targeted Tata Technologies, a Tata Consultancy Services (TCS) subsidiary. This attack resulted in the exfiltration of confidential company data. The attackers later listed stolen information on their dark web portal, indicating a failed ransom negotiation.
The ransomware attack compromised internal systems, disrupting operations across multiple business units. While Tata Technologies has not disclosed the full scope of the breach, cyber security analysts suspect the group has stolen significant corporate data, project details and intellectual property.
To combat ransomware, businesses must deploy proactive threat monitoring, endpoint detection and rapid incident response, backed by 24x7 threat detection, AI-driven anomaly detection and automated response playbooks that mitigate ransomware risks.
Additionally, Dark Web Monitoring should be fully integrated into 24x7 Managed Detection and Response (MDR) capabilities to detect leaked credentials, stolen company data and emerging threats before they are used in further attacks.
Could your business continue operating if ransomware locked your critical systems?
In March 2025, TalkTalk, a major UK telecom provider, launched an urgent investigation after customer data appeared for sale on the dark web. The breach was traced back to a third-party supplier, making it yet another example of supply chain risks leading to customer exposure.
Reports indicate that the stolen data includes customer names, email addresses, account numbers and possibly financial details. If confirmed, this breach could lead to phishing attacks, identity theft and regulatory penalties under GDPR.
Companies must conduct ongoing security assessments of their vendors, enforce Data Loss Prevention (DLP) policies and integrate Dark Web Monitoring into their Managed Detection and Response. By continuously scanning underground forums, marketplaces and hacker channels, businesses can detect leaked credentials and stolen customer data faster, enabling proactive mitigation efforts before they are exploited.
Would you know if your customer data was being sold on the dark web?
In 2024, Rackspace, a leading cloud computing and cyber security services provider, suffered a data breach after attackers exploited a zero-day vulnerability in ScienceLogic, a widely used IT monitoring platform. This breach underscored the growing risks associated with third-party software dependencies, even for organisations specialising in cloud security and infrastructure management.
Hackers successfully accessed Rackspace’s internal monitoring systems, exfiltrating sensitive operational data. While customer data was not directly affected, the breach highlighted vulnerabilities in supply chain security, demonstrating how attackers can leverage flaws in trusted third-party tools to infiltrate high-value targets.
Organisations must continuously assess the security of third-party tools integrated into their environments. Proactive zero-day threat intelligence, continuous monitoring and rapid patch management are critical to mitigating risks from third-party software dependencies.
How well do you monitor the security of third-party tools in your environment—and could an unpatched vulnerability expose your organisation?
In mid-2024, NTT, a Japanese telecom and IT giant, suffered a massive data breach that affected up to 18,000 corporate clients. Attackers accessed internal systems and exfiltrated sensitive business data, raising concerns about NTT’s supply chain security.
As a service provider to banks, government agencies and enterprises worldwide, NTT’s breach put thousands of organisations at indirect risk. The attack went undetected for an extended period, allowing hackers to move laterally across NTT’s systems before exfiltrating data.
Enterprises must invest in continuous security monitoring, endpoint detection and proactive threat intelligence to detect lateral movement early, map security risks, implement Zero Trust models and strengthen defences against supply chain attacks.
If an attacker were inside your network for months, would you detect them before they reached critical data?
In early 2023, CDW, a Fortune 500 IT services provider, fell victim to the LockBit ransomware gang. LockBit, one of the most active ransomware groups globally, claimed to have stolen sensitive corporate data from CDW’s internal systems and threatened to leak it unless a ransom was paid.
CDW provides thousands of enterprises with IT infrastructure and cyber security solutions, making this breach particularly concerning. Organisations that rely on CDW may now be at risk if their credentials, system configurations or contracts were exposed.
Companies must enforce continuous vendor security monitoring, zero-trust access controls and proactive ransomware defences through real-time tracking, AI-driven anomaly detection and automated response, ensuring threats are contained before data is stolen.
If your IT provider were compromised today, could you ensure your systems and data remain untouched?
The cyber security landscape is evolving and these breaches are a stark reminder that no provider is immune to attack. IT service providers, security vendors and software platforms are deeply embedded in your supply chain and their security posture directly impacts your risk exposure.
1. The Larger the Provider, the Greater the Risk Exposure
2. The Poacher/Gamekeeper Problem
3. Lack of Visibility Into Third-Party Security
At CyberOne, we provide independent cyber security expertise to help businesses assess, monitor and secure their supply chains. With 20 years of experience, we offer the agility of a start-up and the expertise of a seasoned cyber security provider, ensuring impartial security assessments and proactive risk management.
Would you like an initial security assessment to evaluate your supply chain risk? Book a Free 1:1 Consultation Session with CyberOne.