The Top Third-Party Breaches of 2022 (So Far): Steps to Mitigate Risks

The pace of third-party data breaches and intrusions is accelerating at an alarming rate. Use these tips to adapt your security procedures to include vendors, partners and suppliers.
Dave Shackleford
Owner & Principal Consultant, Voodoo Security
July 27, 2022
Blog top breaches 0722

Organizations rely on more vendors and suppliers than ever before, and many of these third-party relationships involve data sharing and/or IT system access. This creates an intricate web of exposures, vulnerabilities and risks that that can be difficult for organizations to understand and manage. The number of third-party data breaches so far in 2022 attest to that.

Let’s consider the risks. Lack of governance over third-party relationships can lead to:

  • Data exposure due to malware infection (such as ransomware) caused by poor configuration
  • Attacks on resiliency and availability (such as from denial-of-service, or DDoS)
  • Compromised stakeholder systems and accounts from social engineering campaigns
  • Software supply chain compromises like those affecting Kaseya, SolarWinds, and their customers

In this post, I will review a few especially damaging third-party data breaches that have already happened this year. I’ll also share five techniques for reducing your third-party attack surface.

Top 2022 Third-Party Security Incidents

So far in 2022, we’ve seen a range of third-party breaches and incidents targeting manufacturing, schools, and healthcare-related services. Here are three of the most notable events:


In February 2022, Toyota shut down operations in Japan after a major plastic supplier, Kojima Industries, suffered a data breach. Kojima had remote access to Toyota manufacturing plants, greatly increasing Toyota’s risk. As a result of the temporary shutdown, Toyota suffered financial and operational losses.

Illuminate Education

Between 800,000 and 5 million student records were compromised at Illuminate, with many delays noted in the detection and reporting of the breach.


Healthcare company Highmark suffered a breach due to partner Quantum Group suffering a ransomware attack. Up to 657 healthcare entities were affected by this compromise.

5 Techniques for Assessing Third-Party Data Breach Risk

It's critical that we start expanding our risk assessment and remediation models to better accommodate for third-party organizations, many of which may not have adequate security controls in place. Even though it might feel like you have little control over the security practices of your vendors and suppliers, there’s still a lot you can do to better prepare for and detect third-party breaches and risks.

Here a few techniques you can employ right now:

  1. Discover and inventory third-party organizations connected to your network. Be sure to focus on ingress and egress network access controls, authentication and authorization controls, and activity logging and monitoring.
  2. Map access to sensitive data in your organization’s environment using data flows and specific network access conduits, as well as groups that are granted permissions to these data types.
  3. Perform threat modeling for potential sources of a malware infection. Could a third-party malware outbreak lead to your environment being compromised as well?
  4. Discover and inventory data (your organization’s data, that is) that is stored in or shared with third-party environments. Could you be impacted by a ransomware infection that hijacks their data stores and backups?
  5. Update your third-party risk assessment questionnaires, incorporating questions about attack prevention, detection and response capabilities. In addition, increase the frequency of these assessments and utilize continuous threat monitoring for a constant feed of risk intelligence.

Next Step: Watch the On-Demand Webinar for Additional Tips

Want to learn more? Be sure to watch the on-demand version of my webinar, The Top 5 Biggest Third-Party Data Breaches of 2022 … and How They Could Have Been Prevented.

During the webinar, I dig into the following topics:

  • Understanding recent third-party breaches and how they happened
  • Implementing avoidance and mitigation tactics to prevent breaches
  • Preparing for similar risks and asking the right questions of your third parties

Don’t get caught flat-footed. Evaluate your third-party assessment and monitoring strategies today!

Dave Shackleford
Dave Shackleford
Owner & Principal Consultant, Voodoo Security

Dave Shackleford is the owner and principal consultant of Voodoo Security and faculty at IANS Research. He has consulted with hundreds of organizations in the areas of security, regulatory compliance, and network architecture and engineering, and is a VMware vExpert with extensive experience designing and configuring secure virtualized infrastructures. Dave is a SANS Analyst, serves on the Board of Directors at the SANS Technology Institute, and helps lead the Atlanta chapter of the Cloud Security Alliance.

  • Ready for a demo?
  • Schedule a free personalized solution demonstration to see if Prevalent is a fit for you.
  • Request a Demo