Ericsson Breach Exposes Data of 15k Employees and Customers
Ericsson data breach affects 15k employees/customers after third-party service provider compromise
Service providers can expose customer data and systems through weak access controls, insecure integrations, or third-party supply-chain risks.
Search across headline titles and summaries.
Background for this topic.
Service provider is an organization that delivers infrastructure, platforms, software, connectivity, or managed technical operations to customers over a network. In security reporting, the term usually means an external provider whose systems, personnel, or integrations process customer data or administer customer environments. Responsibility is shared: the provider secures the services and underlying environment it controls, while the customer must configure access, data handling, and integrations correctly.
Material risks include compromised provider accounts or administrative interfaces, vulnerabilities in shared software or infrastructure, inadequate isolation between customers, and loss of availability at a dependency. Providers should apply least-privilege access, strong authentication, secure development and vulnerability management, tenant isolation, logging, encryption where appropriate, and tested recovery procedures. Customers need evidence of relevant controls, clear contracts covering data use, privacy, breach notification, audit rights, retention and deletion, and coordinated incident response. Reviews should also address subcontractors, service changes, and how data and operations can be recovered or moved if the service is disrupted.
Weekly headline count for the current query.
Ericsson data breach affects 15k employees/customers after third-party service provider compromise
Salt Typhoon’s primary Dutch targets were small internet service providers and hosting providers
A RUSI report warned that money mules are exploiting inadequate security controls in smaller payment service providers to move fraudulent transactions about
Cognizant handed over a password to the cybercriminal without asking any authentication questions
Banking giant UBS revealed it had suffered a data breach following a cyber-attack on procurement service provider Chain IQ
A rise in smishing campaigns impersonating toll service providers has been linked to China’s Smishing Triad
A thousand UK service providers will be expected to comply with the forthcoming Cyber Security and Resilience Bill
Veeam has released patches for critical VSPC flaws, requiring immediate attention from affected service providers
The service, developed in collaboration with Cloudflare and Accenture, is available for UK schools and most education service providers
A legal sector specialist infrastructure service provider has experienced a service outage that is impacting up to 200 conveyancing firms across the UK
Banks and financial service providers have emerged as attractive targets for the most prominent ransomware groups
The UK strengthens its regulations on Network and Information Systems (NIS) to better prevent software supply chain attacks
The group is characterized by the use of a stolen digital certificate issued by DEEPSoft
Managed service provider Advanced publishes update on recent cyber incident
CISA published a new advisory warning organizations about China-based, state-sponsored cyber-attacks
Service providers must now assess whether materials should be taken down