Coverbase
Third Party Incident Briefings

The third-party incidents that mattered this month.

Each month we round up the third-party security, privacy, compliance, and risk incidents worth your attention and write up the ones that matter. The first edition went out in May 2026. The next one is on the way.

Three or four a month

We pick the three or four third-party incidents each month that are actually worth knowing about, across security, privacy, compliance, and risk. No noise.

Impact first

Each entry says who got hit and how, so you can size up your own exposure fast.

Full reports when it matters

When an incident has real lessons in it, we publish a write-up on what happened, who it reached, and what to do. Those are linked from the timeline.

The timeline

A running log of third-party incidents

Newest at the top, grouped by month. Entries with a Coverbase report link to our full write-up.

July 2026

Security

Sales-enablement SaaS integration abused to raid customer Salesforce orgs

A compromised legacy credential at a competitive-intelligence integration vendor let attackers steal OAuth tokens and pull CRM data from roughly 200 downstream tenants, several of them security vendors themselves.

Privacy

State licensing vendor breach exposes millions of residents' IDs

Unauthorized access to the system a state agency uses to sell recreational licenses exposed driver's license and passport numbers for more than three million residents, triggering a mandated credit-monitoring offer.

Risk

Ransomware hits a Tier-1 electronics manufacturer, spilling client trade secrets

A 630GB leak from a contract manufacturer's systems included proprietary engineering and manufacturing documents from multiple OEM clients, exposing how deep supply-chain concentration risk reaches into IP protection.

Compliance

Regulator finalizes a decade-long consent decree over vendor PII access failures

A ten-year enforcement order followed findings that a student-data platform never contractually restricted how its vendors could access more than 10 million students' personal information.

June 2026

Latest report
SecurityCoverbase report

The platform beneath your vendors: GitHub breach traces nth-party exposure

A poisoned VS Code extension compromised a GitHub employee laptop and helped expose 3,800 internal repositories for sale, showing how supply-chain risk now sits below the vendor surface.

Read: The Platform Beneath Your Vendors
Security

Package registry namespace hijacked to ship trojanized releases

A compromised employee GitHub account pushed malicious versions of more than 30 packages with valid build provenance, reaching roughly 80,000 weekly downloads before the releases were pulled.

Compliance

Workflow platform patches a reported flaw only after customers are hit

A bug-bounty report sat unfixed for six weeks while attackers probed customer instances, raising disclosure-timeline questions and breach-notification duties for affected tenants.

Risk

Hyperscaler login outage locks tenants out of their own cloud

A near eight-hour identity failure cut off console, CLI, and API access, leaving customers unable to manage their own resources or reach support for the duration.

May 2026

Inaugural edition
SecurityCoverbase report

AI gateway hands over the keys: shared LLM proxy leaks tenant credentials

A widely used AI gateway exposed downstream customers' model and cloud API keys, putting every connected tenant's data and spend at risk.

Read: When your AI gateway hands over the keys
Security

Managed file-transfer appliance zero-day exploited in the wild

An unauthenticated remote-code-execution flaw let attackers exfiltrate data from hundreds of organizations that rely on the appliance for partner data exchange.

Privacy

Customer-data platform misconfiguration exposes consumer profiles

Millions of enriched consumer records were left queryable without authentication, triggering GDPR and CCPA notification duties for the brands downstream.

Compliance

Cloud region outage cascades through dependent SaaS vendors

A multi-hour control-plane failure took down vendors built on the region, exposing concentration risk and triggering SLA-credit and resilience-reporting obligations.

April 2026

Security

Hijacked build dependency ships a credential-stealing payload

A popular package was compromised to harvest CI/CD secrets, reaching thousands of downstream applications before the malicious release was pulled.

Risk

Tier-1 payments processor enters sudden financial distress

Liquidity concerns at a critical processor forced merchants to stand up contingency rails and re-underwrite a concentrated single point of failure.

Privacy

HR and benefits vendor breach exposes employee PII

Social Security numbers and health-plan data for staff across many client companies were accessed, cascading breach-notification duties to every customer.

Compliance

Undisclosed sub-processor breaches data-residency terms

An unannounced offshore sub-processor violated contractual residency commitments, forcing customers to pause data flows and re-paper their DPAs.

March 2026

Security

Identity provider token theft enables tenant account takeover

Stolen support-system tokens let attackers pivot into downstream customers' tenants, reviving hard questions about over-trusting the IdP.

Security

Backdoor discovered in a widely used open-source library

A maliciously maintained dependency nearly shipped a remote backdoor into countless production systems before a researcher caught it.

Risk

Critical logistics SaaS acquired, sunset announced

An acquirer's end-of-life notice gave dependent shippers only months to migrate, surfacing exit-readiness and concentration gaps across supply chains.

Privacy

Embedded analytics SDK caught exfiltrating location data

A third-party mobile SDK quietly collected precise geolocation, exposing every app that bundled it to regulatory scrutiny and app-store removal.

Want these incidents triaged against your own vendors?

Book a demo