
Industry Category

Outsourcing/Offshoring

Breach intelligence, attack campaigns, and threat reports targeting the Outsourcing/Offshoring sector.

11 threat reports

Outsourcing/Offshoring Threat Reports

Showing 1-11 / 11 reports
Hims & Hers Data Breach: Lessons in Third-Party Security
Impact: HIGH

In early February 2026, telehealth company Hims & Hers Health experienced a data breach when unauthorized individuals accessed support tickets through their third-party customer service platform, Zendesk. The breach, occurring between February 4 and February 7, exposed personal information such as names and contact details of customers. Importantly, no medical records or doctor communications were compromised. The company promptly secured the platform and initiated an investigation upon discovering the suspicious activity on February 5. ([bleepingcomputer.com](https://www.bleepingcomputer.com/news/security/hims-and-hers-warns-of-data-breach-after-zendesk-support-ticket-breach/?utm_source=openai)) This incident underscores the vulnerabilities associated with third-party service providers and the critical need for robust security measures. As cyber threats targeting support systems increase, organizations must enhance their security protocols to protect sensitive customer data and maintain trust.

2 months ago

Kill Chain

IC: Initial Compromise (high)
PE: Privilege Escalation (medium)
LM: Lateral Movement (medium)
C&C: Command & Control (medium)
E: Exfiltration (high)
I: Impact (high)

Crunchyroll's 2026 Data Breach Raises User Privacy Concerns
Impact: HIGH

In March 2026, Crunchyroll, a leading anime streaming platform, faced a class-action lawsuit alleging violations of the Video Privacy Protection Act (VPPA). The lawsuit claims that Crunchyroll shared users' personal data, including email addresses, device IDs, and viewing histories, with the marketing company Braze without obtaining proper consent. This alleged data sharing has raised significant privacy concerns among users and industry observers. ([animecorner.me](https://animecorner.me/crunchyroll-hit-with-class-action-lawsuit-over-allegedly-disclosing-anime-viewing-habits-to-third-party/?utm_source=openai)) This incident underscores the critical importance of adhering to data privacy regulations and obtaining explicit user consent before sharing personal information. It also highlights the potential legal and reputational risks companies face when failing to protect user data adequately.

3 months ago

Kill Chain

IC: Initial Compromise (high)
PE: Privilege Escalation (high)
LM: Lateral Movement (medium)
C&C: Command & Control (medium)
E: Exfiltration (high)
I: Impact (high)

Telus Digital's 2026 Data Breach: A Wake-Up Call for Cloud Security
Impact: HIGH

In March 2026, Telus Digital, the business process outsourcing arm of Canadian telecommunications provider Telus, confirmed a significant data breach orchestrated by the cybercriminal group ShinyHunters. The attackers exploited Google Cloud Platform credentials obtained from a previous breach, enabling them to access Telus Digital's systems over several months. This intrusion led to the exfiltration of nearly 1 petabyte of sensitive data, including customer support records, call logs, and internal corporate information. The breach not only compromised Telus Digital's data but also affected numerous client companies relying on their services. ShinyHunters attempted to extort Telus Digital for $65 million, threatening to release the stolen data publicly. Telus Digital has since engaged cybersecurity experts and law enforcement to investigate and mitigate the breach's impact. This incident underscores the escalating threat posed by sophisticated cybercriminal groups like ShinyHunters, who have been linked to multiple high-profile data thefts and extortion campaigns targeting major organizations worldwide. Their tactics often involve exploiting misconfigured cloud services and leveraging stolen credentials to infiltrate systems, highlighting the critical need for robust security configurations and vigilant monitoring of cloud environments.

3 months ago

Kill Chain

IC: Initial Compromise (high)
PE: Privilege Escalation (medium)
LM: Lateral Movement (medium)
C&C: Command & Control (low)
E: Exfiltration (high)
I: Impact (high)

China’s Brickstorm Malware Campaign: The New Face of State-Level US Espionage in 2024
Impact: high

In 2024, U.S. and Canadian cybersecurity authorities, together with threat analysts from Google and CrowdStrike, disclosed an extensive, ongoing cyber-espionage campaign attributed to China-linked state actors known as Warp Panda and UNC5221. Utilizing the advanced Brickstorm malware, attackers achieved undetected persistence within critical infrastructure and government agency networks for an average of over a year, beginning as early as 2022. Brickstorm, targeting VMware vSphere and Windows environments, enabled stealthy lateral movement, automated reinfection, and the theft of sensitive identity and configuration data. The campaign exploited cloud misconfigurations, edge device vulnerabilities, and under-monitored zones, impacting dozens of U.S. organizations and associated downstream victims. This incident reflects the continued evolution of state-sponsored Chinese cyber-operations. Its strategic targeting, tradecraft sophistication, and stealth tactics represent persistent threats for both government and private sector organizations managing hybrid or multi-cloud environments.

5 months ago

Kill Chain

IC: Initial Compromise (medium)
PE: Privilege Escalation (medium)
LM: Lateral Movement (medium)
C&C: Command & Control (medium)
E: Exfiltration (medium)
I: Impact (high)

Hacker Exposes 2.3TB in FS Italiane / Almaviva Supply Chain Breach (2024)
Impact: medium

In June 2024, a hacker reportedly breached the systems of Almaviva, an Italian IT provider serving FS Italiane Group, the nation’s railway operator. The attacker claimed to have exfiltrated 2.3TB of sensitive corporate data—including documents, contracts, financial information, and communications—garnered by exploiting weaknesses in the supplier’s defenses. Although FS Italiane’s operational technology was not directly compromised, the breach of Almaviva’s infrastructure exposed highly confidential client and business data, raising concerns about third-party risks and data privacy for an array of Italian public sector organizations. This incident highlights a worrying trend of attackers targeting IT services providers as a conduit for large-scale data breaches against critical infrastructure operators. With supply chain vulnerabilities on the rise, organizations must urgently reassess their vendor risk management and network segmentation strategies to prevent similar cascading impacts.

5 months ago

Kill Chain

IC: Initial Compromise (medium)
PE: Privilege Escalation (medium)
LM: Lateral Movement (medium)
C&C: Command & Control (low)
E: Exfiltration (high)
I: Impact (medium)

Supply Chain Breach Hits Italian Rail Group via Almaviva: 2.3TB Data Stolen in 2024
Impact: high

In early June 2024, a threat actor claimed responsibility for breaching the Italian railway operator FS Italiane Group by targeting its IT services provider, Almaviva, resulting in the exfiltration of 2.3TB of sensitive data. The attackers reportedly gained initial access through compromised internal systems and leveraged this infiltration to move laterally, eventually accessing and downloading a vast trove of corporate documents, contracts, and possibly personal information related to employees and customers. The incident exposed Italy's transportation sector to significant risk of espionage, operational disruption, and data loss, igniting widespread concern among critical infrastructure operators. This breach highlights the mounting threat posed by attacks on trusted IT service providers, which serve as gateways to high-value targets. With the proliferation of supply chain and third-party compromise incidents globally, organizations in critical industries must reassess their lateral movement controls, segmentation, and third-party risk governance.

5 months ago

Kill Chain

IC: Initial Compromise (medium)
PE: Privilege Escalation (medium)
LM: Lateral Movement (medium)
C&C: Command & Control (medium)
E: Exfiltration (high)
I: Impact (high)

Conduent’s 2024 Data Breach: Over 10 Million Records Stolen in Major BPO Attack
Impact: high

In June 2024, business process outsourcing giant Conduent confirmed a major data breach after attackers gained unauthorized access to its systems, exposing sensitive information of approximately 10.5 million individuals across the United States. The breach came to light following regulatory disclosures and was attributed to exploitation of a third-party vulnerability, allowing attackers to access personal data used in Conduent's healthcare and government services contracts. Impacted data reportedly includes names, social security numbers, addresses, and related identifiers tied to outsourced processing for public sector and healthcare organizations. This breach underscores persistent risks faced by organizations managing data at scale for critical sectors, with attackers increasingly targeting supply chain or third-party gaps. Growing regulatory scrutiny and rising consumer awareness are amplifying the urgency for improved data protection, robust access controls, and ongoing monitoring against sophisticated threat behaviors.

5 months ago

Kill Chain

IC: Initial Compromise (medium)
PE: Privilege Escalation (medium)
LM: Lateral Movement (medium)
C&C: Command & Control (low)
E: Exfiltration (high)
I: Impact (high)

Capita Hit by Black Basta Ransomware: 6.6 Million Impacted in 2023 Breach
Impact: high

In March 2023, UK outsourcing giant Capita suffered a major data breach after an employee downloaded a malicious file, giving threat actors access to internal systems. The Black Basta ransomware gang exploited delayed response and weak access controls to maintain persistence for 58 hours, move laterally, and exfiltrate nearly a terabyte of sensitive data covering 6.6 million individuals, including customers of over 325 pension providers. The attackers deployed ransomware, resetting passwords and disrupting access, forcing Capita to take some systems offline and ultimately resulting in a £14 million regulatory fine after failing to meet key security requirements. This breach highlights the growing menace of ransomware operations targeting supply chain and service providers, with regulatory authorities emphasizing rapid response, robust access controls, and continuous security testing. Organizations face increased scrutiny to maintain strong cybersecurity baselines as attackers evolve tactics and exploit internal weaknesses.

5 months ago

Kill Chain

IC: Initial Compromise (high)
PE: Privilege Escalation (medium)
LM: Lateral Movement (high)
C&C: Command & Control (medium)
E: Exfiltration (high)
I: Impact (high)

How a Breached BPO Account Led to Discord’s Massive 2025 Zendesk Data Breach
Impact: high

In late September 2025, attackers compromised a support agent account at an outsourced BPO provider and gained unauthorized access to Discord’s Zendesk support platform for 58 hours. Exploiting privileged access, they exfiltrated up to 1.6 TB of data, including approximately 8.4 million support tickets affecting 5.5 million users, with sensitive information such as emails, Discord IDs, phone numbers, partial payment data, and around 70,000 government-ID photos. The threat group leveraged integrations between Zendesk and Discord’s internal systems, extracted additional user details via APIs, and attempted a multimillion-dollar ransom before threatening public data release. This incident highlights the growing risk from third-party supply chain attacks targeting cloud-based customer support platforms and BPO providers. The attacker's tactics—abusing helpdesk integrations and privilege escalation—reflect broader cybercrime trends, including identity-driven attacks, data extortion, and rising regulatory scrutiny.

5 months ago

Kill Chain

IC: Initial Compromise (high)
PE: Privilege Escalation (medium)
LM: Lateral Movement (medium)
C&C: Command & Control (low)
E: Exfiltration (high)
I: Impact (high)

Brickstorm Backdoor: UNC5221’s Stealthy Edge Device Supply Chain Attack (2024)
Impact: medium

In a sophisticated cyber-espionage campaign uncovered in 2024, the China-linked group UNC5221 systematically compromised edge network appliances—such as firewalls, VPNs, and virtualization hosts—unable to run traditional EDR agents. By deploying a newly evolved backdoor known as 'Brickstorm,' the attackers gained highly persistent, stealthy access to organizations in technology, legal, SaaS, and outsourcing sectors. The malware, enhanced with delayed activation and strong obfuscation, leveraged unique command-and-control domains per victim and often exploited both zero-day and publicly known vulnerabilities. High-value credential harvesting and lateral movement to strategic systems, such as VMware vCenter, enabled the threat actor to maintain undetected access for an average of 393 days, facilitating both data theft and potential downstream customer compromise. This incident highlights the evolving risk posed by state-sponsored actors targeting blind spots in infrastructure—especially unmanaged or agentless edge devices critical to supply chains and cloud access. With ongoing innovation in stealth tactics and platform abuse, the Brickstorm campaign marks a serious escalation in the complexity and duration of modern supply chain threats.

5 months ago

Kill Chain

IC: Initial Compromise (high)
PE: Privilege Escalation (medium)
LM: Lateral Movement (medium)
C&C: Command & Control (high)
E: Exfiltration (medium)
I: Impact (medium)

UNC5221 Breach: BRICKSTORM Backdoor Hits U.S. Legal & Tech Sectors (2025)
Impact: low

In September 2025, a sophisticated cyber espionage operation targeting U.S.-based legal services, SaaS providers, BPOs, and technology firms was attributed to UNC5221, a suspected China-nexus threat actor. The attackers leveraged the BRICKSTORM backdoor as their primary access mechanism, gaining initial entry through spear-phishing campaigns and exploiting software vulnerabilities. Once inside, they focused on lateral movement, data gathering, and exfiltration, leveraging encrypted channels to avoid detection. The incident resulted in exposure of sensitive legal documents, business data, and intellectual property, highlighting the advanced TTPs of nation-state actors targeting critical professional sectors. This breach exemplifies the growing prevalence of targeted espionage campaigns against high-value service and technology industries. It underscores the urgency for organizations to adopt advanced threat detection, zero trust segmentation, and strong encrypted communication controls in the face of persistent, well-resourced adversaries and heightened regulatory scrutiny.

5 months ago

Kill Chain

IC: Initial Compromise (medium)
PE: Privilege Escalation (medium)
LM: Lateral Movement (medium)
C&C: Command & Control (high)
E: Exfiltration (medium)
I: Impact (low)