TL;DR: Third-party vendor involvement in data breaches doubled to 30% in 2025 and continues rising. The pattern is clear: attackers target smaller, less-secured vendors as entry points to larger organizations. Recent examples include Ledger (Global-e e-commerce partner), Korean Air (pension administrator), and PowerSchool (student information systems). AI is accelerating these attacks by automating vulnerability discovery and crafting perfect phishing emails. Your own security doesn't matter if your vendors are compromised. Here's the pattern and what you can do.

The Pattern

Supply chain attacks follow a consistent logic:[1]

  1. Target selection: Attackers identify a high-value organization with strong security
  2. Vendor mapping: They map the target's third-party relationships: suppliers, SaaS providers, contractors
  3. Weak link: They find a vendor with weaker security but trusted access
  4. Vendor compromise: Attack the vendor through phishing, vulnerabilities, or credential theft
  5. Pivot: Use the vendor's trusted access to reach the real target
  6. Payload: Exfiltrate data, deploy ransomware, or establish persistence

The beauty (for attackers) is efficiency: compromise one vendor, access hundreds of their customers.

Recent Cases Show the Pattern

Ledger (January 2026)

Hardware wallet company breached via Global-e, their e-commerce fulfillment partner. Customer shipping addresses and contact details exposed.

Korean Air (January 2026)

30,000 employees exposed via breach of pension benefits administrator. Attackers didn't need to breach Korean Air directly.

PowerSchool (2024-2025)

62+ million student records compromised via customer support portal credentials. One vendor, thousands of school districts.

Gravy Analytics (2025)

17TB of location data from hundreds of apps, all feeding data to one broker that was breached.

Each case: the target organization's own security was irrelevant. The vendor was the entry point.

The Numbers

The trend is accelerating:[2]

  • 30% of breaches now involve third parties (doubled from the prior year)
  • 61% increase in attacks on logistics providers
  • Third-party ransomware was the dominant attack pattern in 2025
  • SaaS supply chains are expected to become primary entry points in 2026

Organizations may have excellent internal security, but the average enterprise has hundreds of vendor relationships, each a potential vulnerability.

Why Vendors Are Targeted

  • Trusted access: Vendors often have direct connections to customer systems or data
  • Smaller security budgets: Many vendors lack enterprise-grade security resources
  • Force multiplier: One vendor breach = many customer breaches
  • Audit gaps: Organizations struggle to assess all vendor security
  • Credential reuse: Vendor employees may reuse passwords across systems

AI Accelerates Everything

Artificial intelligence is amplifying supply chain attacks:[3]

Automated Reconnaissance

AI maps vendor relationships and identifies weak links faster than human researchers.

Perfect Phishing

AI crafts personalized phishing emails that bypass traditional detection: no grammar errors, perfect context.

Vulnerability Discovery

AI accelerates finding exploitable weaknesses in vendor software and configurations.

Scale

What took human attackers weeks can now happen in hours, targeting many vendors simultaneously.

The SaaS Supply Chain Problem

Modern organizations depend on sprawling SaaS ecosystems:[4]

  • The average enterprise uses 100+ SaaS applications
  • Each SaaS provider has its own vendors and integrations
  • Data flows through multiple third parties you may not know about
  • API connections create implicit trust relationships
  • OAuth tokens and service accounts provide persistent access

When a SaaS provider is breached, all their customers are potentially exposed. And most organizations don't have full visibility into their SaaS supply chain.
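
One way to get that visibility is to review the third-party OAuth grants your identity provider already knows about. The script below is an added example, not from any vendor's tooling: the grant records, field names, scope strings and the 90-day staleness threshold are all assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample: third-party OAuth grants as an identity-provider export
# might list them. App names, scopes and field names are hypothetical.
GRANTS = [
    {"app": "crm-sync", "scopes": ["contacts.read"],
     "last_used": "2026-01-10", "expires": "2026-03-01"},
    {"app": "old-survey-tool", "scopes": ["files.read"],
     "last_used": "2025-06-02", "expires": None},
    {"app": "backup-bot", "scopes": ["files.readwrite.all", "mail.read"],
     "last_used": "2026-01-12", "expires": None},
]
NOW = datetime(2026, 1, 15, tzinfo=timezone.utc)  # fixed "today" for the sample

BROAD_MARKERS = (".all", "admin", "full_access")  # assumed naming of wide scopes
STALE_AFTER = timedelta(days=90)                  # assumed review threshold

def _day(text):
    return datetime.strptime(text, "%Y-%m-%d").replace(tzinfo=timezone.utc)

def audit_grant(grant, now):
    """Return the reasons a grant deserves review (empty list if none)."""
    findings = []
    if grant["expires"] is None:
        findings.append("no-expiry")      # persistent access, never re-approved
    if now - _day(grant["last_used"]) > STALE_AFTER:
        findings.append("stale")          # unused, but still a live credential
    if any(m in s.lower() for s in grant["scopes"] for m in BROAD_MARKERS):
        findings.append("broad-scope")    # more reach than one integration needs
    return findings

def audit(grants, now):
    """List (app, findings) for flagged grants, most findings first."""
    flagged = [(g["app"], audit_grant(g, now)) for g in grants]
    flagged = [(app, f) for app, f in flagged if f]
    return sorted(flagged, key=lambda item: (-len(item[1]), item[0]))

if __name__ == "__main__":
    for app, findings in audit(GRANTS, NOW):
        print(f"{app}: {', '.join(findings)}")
```
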

How to Protect Yourself

For Organizations

  • Vendor inventory: Know every third party that touches your data or systems
  • Risk tiering: Classify vendors by access level and data sensitivity
  • Security assessments: Require security questionnaires and audits for critical vendors
  • Contractual requirements: Include security standards, breach notification, and liability in contracts
  • Least privilege: Give vendors only the minimum access necessary
  • Monitoring: Log and alert on vendor access patterns
  • Incident response: Have plans specifically for vendor breach scenarios
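
The inventory, tiering and monitoring items above can start as something this small. This is an added example, not part of the original article: the vendor names, scoring tables, tier thresholds, log format and alert limits are all constructed assumptions.

```python
# Constructed inventory: what each vendor can reach and what it is allowed to touch.
VENDORS = {
    "payroll-co": {"access": "system", "data": "pii", "allowed": {"hr-db"}},
    "ship-fast": {"access": "data-feed", "data": "pii", "allowed": {"orders-api"}},
    "swag-store": {"access": "none", "data": "public", "allowed": set()},
}
ACCESS_SCORE = {"none": 0, "data-feed": 1, "system": 2}
DATA_SCORE = {"public": 0, "internal": 1, "pii": 2}

def tier(vendor):
    """Tier 1 (critical) to tier 3, from access level plus data sensitivity."""
    score = ACCESS_SCORE[vendor["access"]] + DATA_SCORE[vendor["data"]]
    return 1 if score >= 3 else 2 if score >= 1 else 3

# Constructed access log, one event per line: "<ISO time> <vendor> <resource> <rows>"
LOG = """\
2026-01-14T09:12:00 ship-fast orders-api 120
2026-01-14T10:03:00 payroll-co hr-db 45
2026-01-15T02:41:00 ship-fast customer-db 98000
2026-01-15T03:05:00 unknown-vendor hr-db 10
"""

def alerts(log, vendors, max_rows=10000, work_hours=range(6, 20)):
    """Return (vendor, reason) pairs for access that departs from the inventory."""
    out = []
    for line in log.strip().splitlines():
        ts, name, resource, rows = line.split()
        vendor = vendors.get(name)
        if vendor is None:
            out.append((name, "not-in-inventory"))   # access by an unknown party
            continue
        if resource not in vendor["allowed"]:
            out.append((name, "resource-outside-grant"))  # least-privilege violation
        if int(rows) > max_rows:
            out.append((name, "bulk-read"))          # possible exfiltration volume
        if int(ts[11:13]) not in work_hours:
            out.append((name, "off-hours"))
    return out

if __name__ == "__main__":
    for name, v in VENDORS.items():
        print(f"tier {tier(v)}: {name}")
    for name, reason in alerts(LOG, VENDORS):
        print(f"ALERT {name}: {reason}")
```
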

For Individuals

  • Minimize services: Fewer accounts = fewer potential breach points
  • Unique passwords: Breached vendors can't compromise other accounts if passwords are unique
  • Monitor breaches: Use breach notification services to learn when your data is exposed
  • Freeze credit: Prevent fraud from vendor-sourced identity theft
  • Review permissions: Audit which apps and services have access to your accounts

How Defense Is Evolving

Security practices are shifting in response:[5]

  • Zero Trust: Verify every access request, even from "trusted" vendors
  • Continuous monitoring: Ongoing visibility into vendor access, not just point-in-time audits
  • Supply chain visibility: Tools to map and monitor entire vendor ecosystems
  • Software bill of materials: Tracking all components in software supply chains
  • Faster detection: Emphasis on detecting breaches quickly since prevention will sometimes fail

The Bottom Line

Your security is only as good as your weakest vendor. And you have a lot of vendors.

The pattern is clear and accelerating: Ledger via Global-e. Korean Air via pension administrator. PowerSchool via support portal. Gravy Analytics via app partnerships. In each case, the primary organization's defenses were irrelevant.

Third-party breaches have doubled and will keep rising. AI makes attacks faster and more effective. SaaS dependencies create hidden risks.

Organizations need vendor security programs as a core competency. Individuals need to assume their data will eventually be breached through some third party they've never heard of, and protect themselves accordingly.

The perimeter isn't yours anymore. Your vendors are inside it.

References

  1. Kiteworks - 2025 Data Breach Investigations Report Third-Party Analysis
  2. Supply Chain Brain - Supply Chain Cyber Attacks 2025-2026
  3. Forbes - AI Accelerates Supply Chain Attacks
  4. SC World - SaaS Supply Chain as Primary Entry Point
  5. Security Brief - Cyber Resilience Evolution 2026