'Troubling' rise in supply chain cyber attacks

13 April 2021

Supply chain attacks rose by 42% in the first quarter of 2021 in the US, impacting up to seven million people, according to research.

Analysis of publicly-reported data breaches in quarter one by the Identity Theft Resource Center (ITRC) found 137 organisations reported being hit by supply chain cyber attacks at 27 different third-party vendors.

This compared to 19 data compromies related to supply chain attacks in the previous quarter. 

The research found all data compromises were up by 12% quarter-on-quarter, but the number of individuals impacted by data breaches went up 564%. ITRC said the attacks affected seven million people.

“A primary reason for the gap in compromises and impacts is a 42% rise in the number of supply chain attacks compared to Q4 2020,” ITRC said.

Data breaches included high-profile cases such as cyber attacks on IT provider Accellion’s File Transfer Appliance (FTA), which impacted organisations including Shell, the Reserve Bank of New Zealand, Bombardier and Kroger.

Last month Shell said it had launched an investigation into the breach, which it said had shown that “an unauthorised party gained access to various files… some contained personal data and others included data from Shell companies and some of their stakeholders”. 

According to the FBI’s annual report into internet crime, phishing was the number one complaint for individuals and businesses in 2020. The report found there had been $1.8bn in business losses directly attributed to phishing.  

Eva Velasquez, CEO of the ITRC, said: “While the number of data compromises is only up slightly, the rise in supply chain attacks is troubling.

“Supply chain, phishing, and ransomware attacks reflect a broader trend that cyber criminals want to exploit multiple organisations through a single point-of-attack. The most important action people can take to help protect themselves is to exercise good cyber-hygiene habits.”

 Want to stay up to date with the news? Sign up to our daily bulletin.

CIPS Knowledge
Find out more with CIPS Knowledge:
  • best practice insights
  • guidance
  • tools and templates