Week 2 of August, 2025 taught us that with cyberattacks, no industry is off-limits. Malicious actors have targeted global airlines, cloud service providers, healthcare providers, supply chains, proving that third-party vendors can be weak links.
The issue starts with trusted platforms many companies use every day. Last week's news broke with a case involving a major tech giant.
Google Confirms Cloud Breach Affecting User Data
Google has confirmed suspicious activity in one of its internal Salesforce databases, potentially linked to the ShinyHunters group (UNC6040).
Attackers were able to access contact details and notes tied to small and medium-sized businesses. Google says it spotted the breach, reviewed the impact, and kicked off mitigation steps.
The stolen data was described as basic business information – no passwords or payment data – and there’s been no sign of a ransom demand so far.
What’s the Implication of this?
This is a clear supply chain attack. Even for a major cloud provider like Google, a single weak point in a third-party vendor can cause a domino effect, exposing data for all its customers.
What You Can Do
- Use multi-factor authentication on all cloud accounts
- Monitor access logs for unusual login attempts
- Train staff to spot phishing attempts targeting shared tools.
The Google breach proves that our data's security is tied to the most vulnerable point in our entire chain of partners.
Air France–KLM Reports Breach Through Vendor
Air France and KLM reported a breach involving their customer service platform.
The airlines detected unusual activity on an external platform used to manage customer interactions and quickly worked with the vendor to block unauthorized access.
While the attackers didn’t access internal systems, some customer data was exposed. The airlines did not disclose exactly what information was stolen but said it did not include passwords, passport numbers, travel details, or payment information.
What’s the implication of this?
This breach demonstrates the danger of an external backdoor. The airlines’ internal systems were secure, but an external vendor managing a specific function – in this case, customer service – became a point of entry. It's essential to properly vet any platform we give access to our data, regardless of how minor its role seems.
What You Can Do
- Limit the amount of customer data your vendors can access
- Ask vendors about their security methods before signing a contract
- Make sure third-party access is monitored and removed when no longer needed
Healthcare isn’t exempt either. The next breach involves a hospital whose data was compromised long after switching vendors – showing that vendor risk doesn’t always end when a contract does.
Glens Falls Hospital Reports Data Breach Tied to Oracle
Glens Falls Hospital disclosed a data breach that traces back to its former electronic health record vendor, Oracle Health. In January 2025, attackers accessed patient data stored on Oracle’s Cerner platform even though the hospital had switched vendors in November 2024.
While the hospital’s current systems weren’t involved, the exposed data includes names, Social Security numbers, and medical details. Oracle and Glens Falls are now offering 24 months of free credit monitoring to patients who may have been affected.
What’s the implication of this?
This case reveals post-contract data exposure. Data may remain vulnerable long after a partnership ends.
What You Can Do
- Set clear rules in your contracts about data deletion
- Audit old vendors to confirm your data is gone
- Limit how much data you share in the first place
Tech, travel, healthcare – different industries, same challenge: managing the chain reaction of third-party risk. Whether they are active or former partners, these breaches prove that vendor risk is a widespread problem.
It’s no longer enough to protect your internal systems. Your security now depends on how well you manage vendor relationships before, during, and after a contract.
At Cyberkach, we help your business stay ready through cyber awareness training and real cybersecurity planning.
Want to protect your business better? Contact us and subscribe to our blog for weekly updates.