vendor-risk

The Printing Provider Pivot: Concentration Risk Hits US Banks

John Z Black Apr 27, 2026

Incidents & Breaches #ransomware #banking #vendor-risk #everest #supply-chain

Citizens Bank and Frost Bank customers had their data stolen through outsourced printing and tax fulfillment vendors. Everest ransomware is targeting the boring middle layer.

When the Breach Isn't at Your Bank: Third-Party Risk Hits Healthcare and Finance in the Same Week

John Z Black Apr 15, 2026

Incidents & Breaches #data-breach #third-party-risk #healthcare #financial-services #springfield-hospital #marquis #lapsus #vendor-risk

A hospital email account, a fintech ransomware attack still sending notifications eight months later, and a Lapsus$ claim against a financial vendor. Third-party concentration risk landed in two sectors at once this week.

The LAPD Was Not Hacked. But 7.7 Terabytes of Its Data Leaked Anyway.

John Z Black Apr 12, 2026

Incidents & Breaches #lapd #world-leaks #hunters-international #data-breach #third-party-risk #vendor-risk #law-enforcement

World Leaks didn't touch LAPD's network. They breached a third-party file-sharing app connected to the LA City Attorney's Office that apparently had no password protecting it. 337,000 files including Internal Affairs records and witness names are now in an extortion group's hands.

The Ransomware 'Negotiator' Was Running the Attack: DigitalMint's $75M Double Cross

John Z Black Mar 13, 2026

Ransomware #ransomware #incident-response #digitalmint #blackcat #vendor-risk #extortion

Federal charges reveal DigitalMint's ransomware negotiators were allegedly running the attacks themselves. The second employee charged in the same operation. This wasn't a rogue employee. It was the business model.