.png)
In another alarming incident of cybercrime, UBS and DSM-Firmenich have confirmed that sensitive employee data was stolen due to a breach involving their IT service provider. According to Swiss newspaper Le Temps, this breach was part of a larger cyberattack affecting 27 multinational companies, including Amazon, McDonald’s, Lenovo, HSBC, and Delta, with 7.9 million employees impacted globally.
The cyberattack originated from vulnerabilities in the MOVEit software, a widely used data transfer tool provided by Progress Software. The software had known issues since last year, which cybercriminals exploited to gain unauthorized access to sensitive information. MOVEit’s vulnerabilities have now left a staggering trail of breached data, including the personal information of 20,462 UBS employees and 13,248 employees at DSM-Firmenich.
DSM-Firmenich confirmed that the leaked data primarily involved employees from its former Firmenich division. The information included first and last names, outdated meeting room names, and defunct email addresses. Thankfully, no client or financial data was affected. In response, DSM-Firmenich assured the public that it has reinforced its data security measures.
For UBS, Le Temps reports that data on over 20,000 employees appeared on the darknet. However, UBS declined to comment further on the incident.
This breach highlights the far-reaching consequences of third-party vulnerabilities. With 27 major companies and millions of employees affected, the MOVEit vulnerability underscores how a single software issue can cascade into a global cybersecurity crisis.
These incidents reiterate the importance of proactive vendor risk management. Companies can no longer afford to rely solely on their internal security but must also monitor and audit their IT service providers. Solutions like Supplier Shield enable businesses to identify and address third-party risks before they lead to significant breaches.
This incident serves as a critical reminder for businesses to proactively address third-party risks. Many breaches, like the one involving MOVEit, stem from vulnerabilities in external vendors’ systems. Companies can safeguard their operations by conducting regular audits, monitoring vendor security practices, and responding quickly to detected vulnerabilities.
Supplier Shield helps businesses achieve this by providing comprehensive third-party risk management solutions. Through continuous monitoring of vendor systems, early detection of vulnerabilities, and actionable insights, Supplier Shield enables companies to identify risks before they escalate. By partnering with solutions like this, organizations can strengthen their supply chain defenses and reduce the likelihood of being impacted by similar breaches.
.png)
.png)